Description: OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1060863

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package             Release                Version                Status
ocsinventory-server (PTS)  buster                 2.5+dfsg1-1            vulnerable
                           buster (security)      2.5+dfsg1-1+deb10u1    vulnerable
                           bookworm, sid, trixie  2.8.1+dfsg1+~2.11.1-1  vulnerable

The information below is based on the following data on fixed versions.

Package  Type  Release  Fixed Version  Urgency  Origin  Debian Bugs

Notes (2.12.1) (2.12.1)
Only supported behind an authenticated HTTP zone
