From ${URL} : Description Gjoko Krstic has discovered a vulnerability in Caucho Resin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after /resin-admin/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 4.0.36. Other versions may also be affected. Solution No official solution is currently available. Provided and/or discovered by Gjoko Krstic (LiquidWorm) Original Advisory ZSL-2013-5143: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5143.php @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Security, you can close this bug once 431416 is sorted. Thank you.
Security, please proceed.
GLSA vote: no.
GLSA Vote: No
