Candidate: CVE-2017-15092
PublicDate: 2018-01-23 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092
 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
 https://downloads.powerdns.com/patches/2017-05/
Description:
 A cross-site scripting issue has been found in the web interface of
 PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of
 DNS queries was displayed without any escaping, allowing a remote attacker
 to inject HTML and Javascript code into the web interface, altering the
 content.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_pdns-recursor:
upstream_pdns-recursor: released (4.0.7-1)
precise/esm_pdns-recursor: DNE
trusty_pdns-recursor: not-affected (code not present)
trusty/esm_pdns-recursor: DNE (trusty was not-affected [code not present])
xenial_pdns-recursor: ignored (end of standard support, was needed)
zesty_pdns-recursor: ignored (reached end-of-life)
artful_pdns-recursor: ignored (reached end-of-life)
bionic_pdns-recursor: not-affected (4.1.1-2)
cosmic_pdns-recursor: not-affected (4.1.1-2)
disco_pdns-recursor: not-affected (4.1.1-2)
eoan_pdns-recursor: not-affected (4.1.1-2)
focal_pdns-recursor: not-affected (4.1.1-2)
groovy_pdns-recursor: not-affected (4.1.1-2)
hirsute_pdns-recursor: not-affected (4.1.1-2)
impish_pdns-recursor: not-affected (4.1.1-2)
jammy_pdns-recursor: not-affected (4.1.1-2)
devel_pdns-recursor: not-affected (4.1.1-2)