CVE-2011-5081

NameCVE-2011-5081
DescriptionCross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs661011

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
backuppc (PTS)buster3.3.2-2+deb10u1fixed
bullseye4.4.0-3fixed
trixie, sid, bookworm4.4.0-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
backuppcsourcesqueeze3.1.0-9.1
backuppcsource(unstable)3.1.0-9.1low661011

Notes

[lenny] - backuppc <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems