FreeBSD : phpmailer -- XSS in code example and default exception handler (c5d79773-8801-11e7-93f7-d43d7e971a1b)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

PHPMailer reports :

Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The
code_generator.phps example did not filter user input prior to output.
This file is distributed with a .phps extension, so it is not normally
executable unless it is explicitly renamed, so it is safe by default.
There was also an undisclosed potential XSS vulnerability in the
default exception handler (unused by default). Patches for both issues
kindly provided by Patrick Monnerat of the Fedora Project.

See also :

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24
http://www.nessus.org/u?eed6b523

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 102724

Bugtraq ID:

CVE ID: CVE-2017-11503
