---

CVE-2017-15092 - log back

CVE-2017-15092 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Cross-site scripting
Description	+ An issue has been found in the web interface of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
References	+ https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html + https://github.com/PowerDNS/pdns/commit/fd30387c26144cda3a5ab50c3946635bec1020b7
Notes