Source: ocsinventory-server
Version: 2.8.1+dfsg1+~2.11.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/OCSInventory-NG/OCSInventory-ocsreports/pull/1545
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for ocsinventory-server.

CVE-2023-3726[0]:
| OCSInventory allow stored email template with special characters
| that lead to a Stored cross-site Scripting.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3726
    https://www.cve.org/CVERecord?id=CVE-2023-3726
[1] https://github.com/OCSInventory-NG/OCSInventory-ocsreports/pull/1545
[2] https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/78b5545b0a2e3e484605d9364424d6b924897aaf
[3] https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/91780aefb904c9eac114e99246b3bef0d4e7d83c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore