PT-2017-10772 · Openmediavault · Openmediavault

Published

2017-07-13

Updated

2017-07-21

CVE-2017-1000065

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenMediaVault version 2.1

Description The issue concerns multiple Cross-site scripting (XSS) vulnerabilities in the rpc.php file, specifically within the Access Rights Management (Users) functionality. This allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.

Recommendations For OpenMediaVault version 2.1, update the Access Rights Management (Users) functionality to prevent XSS vulnerabilities, ensuring that user input is properly sanitized to prevent the injection of malicious scripts. As a temporary workaround, consider restricting access to the rpc.php file until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-1000065

Affected Products

Openmediavault

PT-2017-10772 · Openmediavault · Openmediavault

CVE-2017-1000065

Weakness Enumeration

Related Identifiers

Affected Products

References · 3