Impact
SSRF and reflected XSS attacks are possible by calling setup with specific parameters.
Patches
Fixed in 2.6.5 and 2.7.5 and later
References
Combodo ref N°3952 & N°3951
Credits
Many thanks to Kirill Seleznev / Kaspersky for this report!
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com