PT-2015-5291 · Apache+1 · Httpd+1
Felix Eckhofer · Published 2015-02-06 · Updated 2019-02-04 · CVE-2015-1444
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
fli4l versions prior to 3.10.1
fli4l versions prior to 4.0 (specifically before 2015-01-30)
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend of the httpd package. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several scripts in the admin/ directory, including conntrack.cgi, index.cgi, log_syslog.cgi, problems.cgi, status.cgi, status_network.cgi, and status_system.cgi.
Recommendations
For fli4l versions prior to 3.10.1, update to version 3.10.1 or later.
For fli4l versions prior to 4.0 (specifically before 2015-01-30), update to a version from 2015-01-30 or later.
As a temporary workaround, consider restricting access to the vulnerable scripts in the admin/ directory until a patch is applied.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Fli4L
Httpd