Tuesday, May 19, 2020

securityonion-capme - 20121213-0ubuntu0securityonion79 resolves a Reflected XSS vulnerability

Kevin Breen responsibly disclosed a Reflected XSS vulnerability in CapMe. We've improved input validation to address this vulnerability and the following package is now available:

securityonion-capme - 20121213-0ubuntu0securityonion79

These updates should resolve the following issues:

securityonion-capme: improve input validation in functions.php #1767
https://github.com/Security-Onion-Solutions/security-onion/issues/1767

Timeline
2020-05-19 10:13 AM Eastern
Received email from Kevin Breen detailing the Reflected XSS vulnerability.

2020-05-19 10:15 AM Eastern
Acknowledged email.

2020-05-19 10:48 AM Eastern
Sent patch to Kevin for verification.

2020-05-19 12:21 PM Eastern
Received verification from Kevin and began the publishing process.

Thanks
Thanks to Kevin Breen for responsibly disclosing this vulnerability!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

No comments:

Search This Blog

Featured Post

Security Onion 2.4.111 now available!

In October, we released version 2.4.110: https://blog.securityonion.net/2024/10/security-onion-24110-hurricane-helene.html Last week, Surica...

Popular Posts

Blog Archive