Vulnerability Description
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Powerdns | Recursor | >= 4.0.0, <= 4.0.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101982Third Party AdvisoryVDB Entry
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.PatchVendor Advisory
- http://www.securityfocus.com/bid/101982Third Party AdvisoryVDB Entry
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.PatchVendor Advisory
FAQ
What is CVE-2017-15092?
CVE-2017-15092 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing ...
How severe is CVE-2017-15092?
CVE-2017-15092 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15092?
Check the references section above for vendor advisories and patch information. Affected products include: Powerdns Recursor.