Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2012:0151
HistoryFeb 21, 2012 - 12:00 a.m.

(RHSA-2012:0151) Moderate: conga security, bug fix, and enhancement update

2012-02-2100:00:00
access.redhat.com
10

EPSS

0.003

Percentile

69.3%

JSON

The conga packages provide a web-based administration tool for remote
cluster and storage management.

Multiple cross-site scripting (XSS) flaws were found in luci, the conga
web-based administration application. If a remote attacker could trick a
user, who was logged into the luci interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user’s luci session. (CVE-2010-1104, CVE-2011-1948)

These updated conga packages include several bug fixes and an enhancement.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked to
in the References, for information on the most significant of these
changes.

Users of conga are advised to upgrade to these updated packages, which
correct these issues and add this enhancement. After installing the updated
packages, luci must be restarted (“service luci restart”) for the update to
take effect.

Related

nessus 3
oraclelinux 1
openvas 3
cvelist 3
github 3
ubuntucve 3
osv 4
prion 3
nvd 3
cve 3
veracode 1
nessus
nessus
Scientific Linux Security Update : conga on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
Oracle Linux 5 : conga (ELSA-2012-0151)
2013-07-12 00:00:00
RHEL 5 : conga (RHSA-2012:0151)
2013-01-24 00:00:00
oraclelinux
oraclelinux
conga security, bug fix, and enhancement update
2012-03-01 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2012-0151)
2015-10-06 00:00:00
Zope 'standard_error_message' Cross-Site Scripting Vulnerability
2010-01-20 00:00:00
Zope XSS Vulnerability (Jan 2010)
2010-01-20 00:00:00
cvelist
cvelist
CVE-2010-1104
2010-03-25 17:00:00
CVE-2011-1948
2011-06-06 19:00:00
CVE-2011-4924
2019-11-25 17:03:14
github
github
Moderate severity vulnerability that affects Zope2
2018-07-23 19:51:28
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
2018-07-23 19:50:57
Zope XSS Vulnerability
2022-04-22 00:24:16
ubuntucve
ubuntucve
CVE-2010-1104
2010-03-25 00:00:00
CVE-2011-1948
2011-06-06 00:00:00
CVE-2011-4924
2019-11-25 00:00:00
osv
osv
Moderate severity vulnerability that affects Zope2
2018-07-23 19:51:28
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
2018-07-23 19:50:57
PYSEC-2011-14
2011-06-06 19:55:00
prion
prion
Cross site scripting
2011-06-06 19:55:00
Cross site scripting
2010-03-25 17:30:00
Cross site scripting
2019-11-25 18:15:00
nvd
nvd
CVE-2010-1104
2010-03-25 17:30:00
CVE-2011-1948
2011-06-06 19:55:02
CVE-2011-4924
2019-11-25 18:15:11
cve
cve
CVE-2010-1104
2010-03-25 17:30:00
CVE-2011-1948
2011-06-06 19:55:02
CVE-2011-4924
2019-11-25 18:15:11
veracode
veracode
Cross-Site Scripting (XSS)
2019-11-26 03:46:39

EPSS

0.003

Percentile

69.3%

JSON
Related for RHSA-2012:0151
nessus3oraclelinux1openvas3cvelist3github3ubuntucve3osv4prion3nvd3cve3veracode1