CVE-2017-15092 log

Severity Medium
Remote Yes
Type Cross-site scripting
An issue has been found in the web interface of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
Group Package Affected Fixed Severity Status Ticket
AVG-520 powerdns-recursor 4.0.6-3 4.0.7-1 Medium Fixed
Date Advisory Group Package Severity Type
27 Nov 2017 ASA-201711-31 AVG-520 powerdns-recursor Medium multiple issues