CVE-2017-15092
N/A
N/A
Summary
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PowerDNS | PowerDNS Recursor | from 4.0.0 up to and including 4.0.6 | affected |
Weaknesses
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/101982
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
References
- http://www.securityfocus.com/bid/101982
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.