PT-2018-5201 · Omniscale · Mapproxy

Published: 2018-01-02 · Updated: 2022-05-13 · CVE-2017-1000426

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MapProxy versions prior to 1.11.1. The listed ranges "MapProxy versions 1.10.3 and older" and "MapProxy versions 1.11.1 and older" are not accurate, because the complete fix was released in v1.11.1.

Description

The issue is a cross-site scripting (XSS) vulnerability in the demo service, which can result in possible information disclosure.

Recommendations

For MapProxy versions prior to 1.10.4, update to version 1.10.4 or later for an incomplete fix. For MapProxy versions from 1.10.4 up to, but not including, 1.11.1, update to version 1.11.1 for a complete fix. At the moment, there is no information about additional mitigation measures.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-1000426
GHSA-G4RW-82HQ-8JPR

Affected Products

Mapproxy