Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 404987 (CVE-2011-5081)

Summary: <app-backup/backuppc-3.2.1 : XSS flaw in RestoreFile.pm (CVE-2011-5081)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: app-backup
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=795016
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-02-20 09:33:02 UTC 
From redhat bugzilla at $URL:

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5081 to
the following vulnerability:

Name: CVE-2011-5081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5081
Assigned: 20120217
Reference: http://seclists.org/bugtraq/2011/Apr/266
Reference:
https://www.htbridge.ch/advisory/multiple_xss_vulnerabilities_in_backuppc.html
Reference: http://www.osvdb.org/72055
Reference: http://secunia.com/advisories/44385
Reference: http://xforce.iss.net/xforce/xfdb/67170

Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC
3.1.0, 3.2.1, and possibly other earlier versions allows remote
attackers to inject arbitrary web script or HTML via the share
parameter in a RestoreFile action to index.cgi.
Comment 1 Agostino Sarubbo gentoo-dev 2012-02-20 09:37:39 UTC 
This is already fixed, is only to track CVE number