Debian DSA-4239-1 : gosa - security update
Medium Nessus Plugin ID 110911
Synopsis
The remote Debian host is missing a security-related update.
Description
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.
Solution
Upgrade the gosa packages.
For the stable distribution (stretch), this problem has been fixed in version gosa 2.7.4+reloaded2-13+deb9u1.