USN-6550-1
- Source
- https://ubuntu.com/security/notices/USN-6550-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6550-1.json
- Related
- Published
- 2023-12-12T12:15:17.295752Z
- Modified
- 2023-12-12T12:15:17.295752Z
- Summary
- postfixadmin vulnerabilities
- Details
-
It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. (CVE-2022-29221)
It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-31129)
It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly escaping JavaScript code. An attacker could possibly use this issue to conduct cross-site scripting attacks (XSS). (CVE-2023-28447)
- References
Affected packages
Ubuntu:Pro:18.04:LTS / postfixadmin
Package
- Name
- postfixadmin
Ubuntu:Pro:20.04:LTS / postfixadmin
Package
- Name
- postfixadmin