A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101982 | Third Party Advisory VDB Entry |
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-11-27T00:00:00
Updated: 2018-01-24T10:57:01
Reserved: 2017-10-08T00:00:00
Link: CVE-2017-15092
JSON object: View
NVD Information
Status : Modified
Published: 2018-01-23T15:29:00.323
Modified: 2019-10-09T23:24:12.110
Link: CVE-2017-15092
JSON object: View
Redhat Information
No data.
CWE