CVE-2017-15092 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-15092 Interim 1 9 2023-12-08T01:20:44Z current 2021-05-30T14:02:50Z 2023-12-08T01:20:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-15092 A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed pdns-recursor-4.5.5-1.3 pdns-recursor-4.5.5-1.3 as a component of openSUSE Tumbleweed A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content. CVE-2017-15092 openSUSE Tumbleweed:pdns-recursor-4.5.5-1.3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N