CVE-2011-3199

Gplhost Domain Technologie Control < 0.32.11 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.

References (5)

[Various Sources] http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=blob%3Bf=debian/changelog%3Bhb=3eb6ef5cea6c571aae5e49e1930de778eca280c3

[Issue Tracking] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584

[Third Party Advisory] http://www.debian.org/security/2011/dsa-2365

[Mailing List] http://www.openwall.com/lists/oss-security/2011/08/13/1

[Mailing List] http://www.openwall.com/lists/oss-security/2011/08/24/10

Scores

EPSS 0.0023

EPSS Percentile 45.7%

Details

CWE

CWE-79

Status published

Products (36)

gplhost/domain_technologie_control < 0.32.11

gplhost/domain_technologie_control

gplhost/domain_technologie_control

gplhost/domain_technologie_control

gplhost/domain_technologie_control

gplhost/domain_technologie_control

gplhost/domain_technologie_control

gplhost/domain_technologie_control

gplhost/domain_technologie_control

gplhost/domain_technologie_control

... and 26 more

Published Mar 21, 2014

Tracked Since Feb 18, 2026