Security Onion Blog

Tuesday, May 19, 2020

securityonion-capme - 20121213-0ubuntu0securityonion79 resolves a Reflected XSS vulnerability

Kevin Breen responsibly disclosed a Reflected XSS vulnerability in CapMe. We've improved input validation to address this vulnerability and the following package is now available:

securityonion-capme - 20121213-0ubuntu0securityonion79

These updates should resolve the following issues:

securityonion-capme: improve input validation in functions.php #1767
https://github.com/Security-Onion-Solutions/security-onion/issues/1767

Timeline
2020-05-19 10:13 AM Eastern
Received email from Kevin Breen detailing the Reflected XSS vulnerability.

2020-05-19 10:15 AM Eastern
Acknowledged email.

2020-05-19 10:48 AM Eastern
Sent patch to Kevin for verification.

2020-05-19 12:21 PM Eastern
Received verification from Kevin and began the publishing process.

Thanks
Thanks to Kevin Breen for responsibly disclosing this vulnerability!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion 2.4.210 Now Available with Updated Components and New Features including Local Model Support for Onion AI!

For Security Onion Pro customers, we've made major improvements for our popular new Onion AI Assistant. Many folks have been asking for ...

Popular Posts

Blog Archive