(old) Security update in GuppY

August 12th, 2012 | Posted by Cervoise in English

Software

Name GuppY
URL http://www.freeguppy.org
Description An easy, free and databaseless web portal that lets you very easily generate a complete and interactive web site.

Vulnerabilities

Impact Cross-site scripting (XSS) vulnerability (CWE-79)
Affected version 4.6.13a; older versions are likely to be affected
Description Two vulnerabilities were fixed in version 4.6.14.
Cross-site scripting (XSS) vulnerabilities allow remote attackers to inject persistent arbitrary web script via the "your website" field in the user profile and in the guestbook. The vulnerabilities were due to improper filtering of double quotes in this field.
Exploit Private exploit exists.
CVSS v2 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Solution Upgrade to version 4.6.14
CVE No CVE assigned
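
An added illustration of this class of bug, not GuppY's own code (which this page does not show): a renderer for the "your website" value that escapes markup but leaves double quotes alone, beside a hardened form. The function names, the sample values and the scheme allow-list (which goes beyond the double-quote fix described above) are assumptions.

```php
<?php
// Added illustration; not GuppY source code. Function names are hypothetical.

// Weak: escapes < > & but leaves quotes untouched, so a double quote in the
// value closes the href attribute and the rest is parsed as new attributes.
function render_website_weak(string $url): string
{
    $safe = htmlspecialchars($url, ENT_NOQUOTES, 'UTF-8');
    return '<a href="' . $safe . '">website</a>';
}

// Hardened: allow only http(s) URLs, then escape for an attribute context
// (both quote characters) before placing the value inside href="...".
function render_website_hardened(string $url): string
{
    $url = trim($url);
    // parse_url() yields null/false when no scheme is found; cast to ''.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return ''; // drop the link rather than render an untrusted value
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener">website</a>';
}

// Constructed sample values for the "your website" field.
$samples = [
    'https://example.org/',
    'https://example.org/" data-injected="1', // harmless marker attribute
    'javascript:void(0)',                      // non-http(s) scheme
];

foreach ($samples as $value) {
    echo "input:    $value\n";
    echo "weak:     " . render_website_weak($value) . "\n";
    echo "hardened: " . render_website_hardened($value) . "\n\n";
}
```

In the weak output the second sample produces a separate `data-injected` attribute on the link; in the hardened output the quotes appear as `&quot;` and the value stays inside `href`.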

Reminder

These are old vulnerabilities, and other security fixes have been released for GuppY since this one. It is recommended to use the latest version. Security recommendations for GuppY are available at www.freeguppy.org
