Debian Security Advisory
DSA-2882-1 extplorer -- security update
- Date Reported:
- 20 Mar 2014
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 741908.
In Mitre's CVE dictionary: CVE-2013-5951.
- More information:
Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS. A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.
For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.0b6+dfsg.2-1+squeeze2.
For the stable distribution (wheezy), this problem has been fixed in version 2.1.0b6+dfsg.3-4+deb7u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your extplorer packages.