CVE-2015-1564

Published: 9 February 2015

Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field.

Priority

Status

Package	Release	Status
webgui Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	lucid	Ignored (end of life)
	mantic	Does not exist
	precise	Ignored (end of life)
	trusty	Does not exist (trusty was needed)
	upstream	Needed
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Needed
	yakkety	Does not exist
	zesty	Does not exist

References

http://secupent.com/exploit/WebGUI-7.10.29-XSS.txt
http://seclists.org/fulldisclosure/2015/Jan/79
https://www.cve.org/CVERecord?id=CVE-2015-1564
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.