Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-6550-1
HistoryDec 12, 2023 - 12:15 p.m.

postfixadmin vulnerabilities

2023-12-1212:15:17
Google
osv.dev
12
postfixadmin
vulnerabilities
smarty
moment.js
php injection
arbitrary code
denial of service
ubuntu 22.04 lts
javascript code
cross-site scripting attacks

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.008

Percentile

81.4%

JSON

It was discovered that Smarty, that is integrated in the PostfixAdmin
code, was not properly sanitizing user input when generating templates. An
attacker could, through PHP injection, possibly use this issue to execute
arbitrary code. (CVE-2022-29221)

It was discovered that Moment.js, that is integrated in the PostfixAdmin
code, was using an inefficient parsing algorithm when processing date
strings in the RFC 2822 standard. An attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-31129)

It was discovered that Smarty, that is integrated in the PostfixAdmin
code, was not properly escaping JavaScript code. An attacker could
possibly use this issue to conduct cross-site scripting attacks (XSS).
(CVE-2023-28447)

Related

nessus 35
ubuntu 3
openvas 25
osv 13
cvelist 4
github 3
fedora 9
githubexploit 2
prion 4
debian 3
veracode 3
ubuntucve 3
friendsofphp 2
cve 4
mageia 4
debiancve 3
nvd 4
ibm 38
redhat 27
redhatcve 1
attackerkb 1
hackerone 1
huntr 1
qualysblog 1
atlassian 3
freebsd 1
gentoo 1
nessus
nessus
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)
2023-12-12 00:00:00
Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)
2023-04-13 00:00:00
Debian DLA-3033-1 : smarty3 - LTS security update
2022-05-31 00:00:00
ubuntu
ubuntu
PostfixAdmin vulnerabilities
2023-12-12 00:00:00
Smarty vulnerability
2023-04-13 00:00:00
Moment.js vulnerabilities
2022-08-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6550-1)
2023-12-13 00:00:00
Debian: Security Advisory (DLA-3033-1)
2022-06-01 00:00:00
Fedora: Security Advisory for php-Smarty (FEDORA-2023-4b03f6cd8a)
2023-04-13 00:00:00
osv
osv
smarty3 - security update
2022-05-29 00:00:00
PHP Code Injection by malicious block or filename in Smarty
2022-05-25 20:15:02
smarty3 vulnerability
2023-04-13 07:16:07
cvelist
cvelist
CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty
2022-05-24 00:00:00
CVE-2023-28447 Cross site scripting vulnerability in Javascript escaping in smarty/smarty
2023-03-28 20:07:39
CVE-2022-31129 Inefficient Regular Expression Complexity in moment
2022-07-06 00:00:00
github
github
PHP Code Injection by malicious block or filename in Smarty
2022-05-25 20:15:02
smarty Cross-site Scripting vulnerability in Javascript escaping
2023-03-29 18:31:35
Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-07-06 18:38:49
fedora
fedora
[SECURITY] Fedora 36 Update: php-Smarty-3.1.48-1.fc36
2023-04-12 01:39:15
[SECURITY] Fedora 37 Update: php-Smarty-3.1.48-1.fc37
2023-04-12 01:34:31
[SECURITY] Fedora 38 Update: php-Smarty-3.1.48-1.fc38
2023-04-15 02:15:24
githubexploit
githubexploit
Exploit for Cross-site Scripting in Smarty
2023-03-30 10:28:20
Exploit for Code Injection in Smarty
2022-05-25 06:02:23
prion
prion
Code injection
2022-05-24 15:15:00
Design/Logic Flaw
2023-03-28 21:15:00
Input validation
2022-07-06 18:15:00
debian
debian
[SECURITY] [DLA 3033-1] smarty3 security update
2022-05-29 15:01:25
[SECURITY] [DLA 3295-1] node-moment security update
2023-01-30 21:29:16
[SECURITY] [DSA 5151-1] smarty3 security update
2022-05-29 14:57:57
veracode
veracode
Arbitrary Code Injection
2022-05-25 05:09:41
Cross-Site Scripting (XSS)
2023-04-04 11:26:16
Regular Expression Denial Of Service (ReDoS)
2022-07-07 05:14:54
ubuntucve
ubuntucve
CVE-2022-29221
2022-05-24 00:00:00
CVE-2023-28447
2023-03-28 00:00:00
CVE-2022-31129
2022-07-06 00:00:00
friendsofphp
friendsofphp
PHP Code Injection by malicious block or filename
2022-05-17 12:59:00
Cross site scripting vulnerability in Javascript escaping
2023-03-28 19:41:00
cve
cve
CVE-2022-29221
2022-05-24 15:15:07
CVE-2023-28447
2023-03-28 21:15:11
CVE-2022-31129
2022-07-06 18:15:19
mageia
mageia
Updated php-smarty packages fix security vulnerability
2022-06-13 23:44:20
Updated php-smarty packages fix security vulnerability
2023-04-24 03:20:26
Updated jupyter-notebook packages fix security vulnerabilities
2024-03-16 04:42:48
debiancve
debiancve
CVE-2022-29221
2022-05-24 15:15:07
CVE-2023-28447
2023-03-28 21:15:11
CVE-2022-31129
2022-07-06 18:15:19
nvd
nvd
CVE-2022-29221
2022-05-24 15:15:07
CVE-2023-28447
2023-03-28 21:15:11
CVE-2022-31129
2022-07-06 18:15:19
ibm
ibm
Security Bulletin: A security vulnerability in Node.js moment affects IBM Cloud Pak for Watson AIOps Infrastructure Automation
2022-10-22 20:33:44
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Moment denial of service (CVE-2022-31129)
2023-02-07 21:32:04
Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)
2023-07-28 19:54:53
redhat
redhat
(RHSA-2022:5915) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.2 security update
2022-08-08 08:18:33
(RHSA-2022:5914) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.1 security update
2022-08-08 08:12:25
(RHSA-2022:6392) Important: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update
2022-09-08 11:19:30
redhatcve
redhatcve
CVE-2022-31129
2022-07-07 20:44:44
attackerkb
attackerkb
CVE-2022-31129
2022-07-06 00:00:00
hackerone
hackerone
Nextcloud: [nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-09-26 11:16:15
huntr
huntr
Regular Expression Denial of Service (ReDoS)
2022-06-06 11:09:00
qualysblog
qualysblog
Detection of Vulnerabilities in JavaScript Libraries
2023-01-16 11:46:18
atlassian
atlassian
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
2023-03-27 07:30:38
freebsd
freebsd
mantis -- multiple vulnerabilities
2023-01-06 00:00:00
gentoo
gentoo
Smarty: Multiple vulnerabilities
2022-09-25 00:00:00

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.008

Percentile

81.4%

JSON
Related for OSV:USN-6550-1
nessus35ubuntu3openvas25osv13cvelist4github3fedora9githubexploit2prion4debian3veracode3ubuntucve3friendsofphp2cve4mageia4debiancve3nvd4ibm38redhat27redhatcve1attackerkb1hackerone1huntr1qualysblog1atlassian3freebsd1gentoo1