Ubuntu Security Update USN-6550-1: PostfixAdmin vulnerabilities

LinuxBot

It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. (CVE-2022-29221)

It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31129)

It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly escaping JavaScript code. An attacker could possibly use this issue to conduct cross-site scripting attacks (XSS). (CVE-2023-28447)
