Tuesday, May 19, 2020

securityonion-capme - 20121213-0ubuntu0securityonion79 resolves a Reflected XSS vulnerability

Kevin Breen responsibly disclosed a Reflected XSS vulnerability in CapMe. We've improved input validation to address this vulnerability and the following package is now available:

securityonion-capme - 20121213-0ubuntu0securityonion79

These updates should resolve the following issues:

securityonion-capme: improve input validation in functions.php #1767
https://github.com/Security-Onion-Solutions/security-onion/issues/1767

Timeline
2020-05-19 10:13 AM Eastern
Received email from Kevin Breen detailing the Reflected XSS vulnerability.

2020-05-19 10:15 AM Eastern
Acknowledged email.

2020-05-19 10:48 AM Eastern
Sent patch to Kevin for verification.

2020-05-19 12:21 PM Eastern
Received verification from Kevin and began the publishing process.

Thanks
Thanks to Kevin Breen for responsibly disclosing this vulnerability!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

No comments:

Search This Blog

Featured Post

Quick Malware Analysis: WORD MACRO --> SSLOAD --> COBALT STRIKE pcap from 2024-04-18

Thanks to Brad Duncan for sharing this pcap from 2024-04-18 on his malware traffic analysis site! Due to issues with Google flagging a warni...

Popular Posts

Blog Archive