CVE-2017-15092: XSS
First published: Tue Jan 23 2018(Updated: )
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PowerDNS Recursor | >=4.0.0<=4.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-15092?
CVE-2017-15092 is a cross-site scripting vulnerability found in the web interface of PowerDNS Recursor from version 4.0.0 up to and including 4.0.6.
What is the severity of CVE-2017-15092?
The severity of CVE-2017-15092 is medium with a CVSS score of 6.1.
How does CVE-2017-15092 affect PowerDNS Recursor?
CVE-2017-15092 allows a remote attacker to inject HTML and Javascript code into the web interface of PowerDNS Recursor, potentially altering the displayed content.
How can I fix CVE-2017-15092?
To fix CVE-2017-15092, update your PowerDNS Recursor installation to a version higher than 4.0.6.
Where can I find more information about CVE-2017-15092?
You can find more information about CVE-2017-15092 in the SecurityFocus and PowerDNS Recursor security advisory links provided.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- agent/remedy
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/powerdns
- canonical/powerdns recursor
- version/powerdns recursor/4.0.0
- version/powerdns recursor/4.0.6