CVE-2011-3361
Published: 3 October 2011
Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi.
Priority
Status
Package | Release | Status |
---|---|---|
backuppc Launchpad, Ubuntu, Debian |
hardy |
Released
(3.0.0-4ubuntu1.3)
|
lucid |
Released
(3.1.0-9ubuntu1.2)
|
|
maverick |
Released
(3.1.0-9ubuntu2.2)
|
|
natty |
Released
(3.2.0-3ubuntu4.2)
|
|
oneiric |
Not vulnerable
(3.2.1-1ubuntu1)
|
|
upstream |
Released
(3.2.1)
|
|
Patches: upstream: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24 |