Meet the Support Network
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by <script></script> tags.</p> <div class="wrsn-cve-info"> <div class="row"> <div class="col-xs-12 col-sm-4"><strong>Priority: </strong>LOW</div> <div class="col-xs-12 col-sm-4"><strong>CVSS v3: </strong>5.4</div> <div class="col-xs-12 col-sm-4"><strong>Component: </strong>It doesn't impact WRLinux.</div> <div class="col-xs-12 col-sm-4"><strong>Publish Date: </strong>Sep 16, 2018</div> <div class="col-xs-12 col-sm-4"><strong>Related ID: </strong>--</div> <div class="col-xs-12 col-sm-4"><strong>CVSS v2: </strong> 3.5</div> <div class="col-xs-12 col-sm-4"><strong>Modified Date: </strong> Sep 16, 2018</div> </div> </div> <p class="help-block wrsn-cve-info-help" style="font-size: 14px;"> Find out more about <a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17090" target="_blank" onclick="javascript:ga('send', 'event', 'CVE', 'External Link' , 'CVE-2018-17090 on NVC.NIST.GOV');">CVE-2018-17090</a> from the <a href="https://cve.mitre.org/about/index.html" onclick="javascript:ga('send', 'event', 'CVE', 'External Link' , 'MITRE Corporation');" target="_blank">MITRE-CVE</a> dictionary and <a href="https://nvd.nist.gov/" target="_blank" onclick="javascript:ga('send', 'event', 'CVE', 'External Link' , 'NVC.NIST.GOV');">NIST NVD</a></p> <hr> <h3 class="wrsn-section-subheader wrsn-is-medium">Products Affected</h3> <p class="help-block" style="font-size: 14px;">Login may be required to access defects or downloads.</p> <div class="wrsn-details-table"> <table class="table"> <thead> <tr> <th width="15%">Product Name</th> <th width="10%">Status</th> <th width="12%">Defect</th> <th width="12%">Fixed</th> <th width="51%">Downloads</th> </tr> </thead> <tbody> <tr> <td colspan="5"><strong>Linux</strong></td> </tr> <tr> <td>Wind River Linux LTS 17</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux 8</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux 9</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux 7</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux LTS 21</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux LTS 22</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux LTS 18</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux LTS 19</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux CD release</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux 6</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>Wind River Linux LTS 23</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td colspan="5"><strong>VxWorks</strong></td> </tr> <tr> <td>VxWorks 7</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td>VxWorks 6.9</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> <tr> <td colspan="5"><strong>Helix Virtualization Platform Cert Edition</strong></td> </tr> <tr> <td>Helix Virtualization Platform Cert Edition</td> <td> Not Vulnerable </td> <td> -- </td> <td> -- </td> <td> -- </td> </tr> </tbody> </table> </div> <h3 class="wrsn-section-subheader wrsn-is-medium">Related Products</h3> <div class="wrsn-details-table"> <table class="table"> <thead> <tr> <th width="15%">Product Name</th> <th width="10%">Status</th> <th width="12%">Defect</th> <th width="12%">Fixed</th> <th width="51%">Downloads</th> </tr> </thead> <tbody> </tbody> </table> </div> <!-- <h3 class="wrsn-section-subheader wrsn-is-medium">Comments</h3> <p class="p-16">It doesn't impact WRLinux.</p> --> <!-- display visibility --> <br /> <small><b>Notes</b></small><br /> <small style="padding-top:20px">Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see <a href="https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions">https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions</a> and <a href="https://support2.windriver.com/index.php?page=plc">https://support2.windriver.com/index.php?page=plc</a> for more information.</small> </div> </div> </div></div><style> a.wrsn-chat{ background:none; } a.wrsn-chat { border-radius: 5px 5px 0 0; position: fixed; right: 20px; bottom: 0; z-index: 10000; padding: 6px 10px !important; color: #fff; width: 180px; text-decoration: none; display: block; webkit-box-sizing:content-box; -moz-box-sizing:content-box; box-sizing:content-box; background-image: none; } .wrsn-chat.is-online { background: #339933 !important; } a.wrsn-chat.is-online:hover{ color:#e5fce5; } .wrsn-chat.is-offline { background: #993333 !important; } a.wrsn-chat.is-offline:hover { color:#ffebeb; } .wrsn-chat-status { float: right; font-size: 12px; line-height: 28px; } .wrsn-chat-status-online, .wrsn-chat-status-offline { display: none; } .wrsn-chat.is-online .wrsn-chat-status-online { display: inline-block; } .wrsn-chat.is-offline .wrsn-chat-status-offline { display: inline-block; } .wrsn-chat-icon { font-size: 28px; line-height: 28px; float: left; } .wrsn-chat-title { font-size: 12px; text-transform: uppercase; font-weight: bold; line-height: 28px; float: left; margin-left: 7px; } </style> <div id="liveagent_button_online"> <a onclick="liveagent.startChat('573G0000000XZAq')" href="javascript://Chat" class="wrsn-chat is-online"> <div class="wrsn-chat-icon"><span class="fa fa-comments"></span></div> <div class="wrsn-chat-title">Live chat</div> <div class="wrsn-chat-status"><span class="wrsn-chat-status-online">Online</span></div> <div class="clearfix"></div> </a> </div> <div style="display:none" id="liveagent_button_offline"> <a class="wrsn-chat is-offline" href="#"> <div class="wrsn-chat-icon"><span class="fa fa-comments"></span></div> <div class="wrsn-chat-title">Live chat</div> <div class="wrsn-chat-status"><span class="wrsn-chat-status-offline">Offline</span></div> <div class="clearfix"></div> </a> </div> <script type="text/javascript" src="https://c.la1w1.salesforceliveagent.com/content/g/js/32.0/deployment.js"></script> <script> function CallbackAgentChat(e){ if (e == liveagent.BUTTON_EVENT.BUTTON_AVAILABLE) { document.getElementById('liveagent_button_online').style.display ='block'; document.getElementById('liveagent_button_offline').style.display ='none'; } if (e == liveagent.BUTTON_EVENT.BUTTON_UNAVAILABLE) { document.getElementById('liveagent_button_online').style.display ='none'; document.getElementById('liveagent_button_offline').style.display ='block'; } } if (!window._laq) { window._laq = []; } window._laq.push(function(){ //liveagent.addButtonEventHandler('573G0000000XZAq', CallbackAgentChat); liveagent.showWhenOnline('573G0000000XZAq', document.getElementById('liveagent_button_online')); liveagent.showWhenOffline('573G0000000XZAq', document.getElementById('liveagent_button_offline')); }); //Live chat INIT liveagent.init('https://d.la1w1.salesforceliveagent.com/chat', '572G0000000XZAb', '00Dd0000000hD1o'); </script><div class="wrsn-footer"> <div class="wrsn-wrapper"> <div class="wrsn-footer-logo"> <a href="https://www.windriver.com"><img width="100%" height="100%" alt="Wind River Support Network" src="https://support2.windriver.com/layout/admin//images/wndrvr_support-network-black.png"></a> </div> <div class="clearfix wrsn-clear-mobile"></div> <div class="wrsn-footer-menus"> <div class="wrsn-footer-menu-main"> <ul> <li><a href="https://support2.windriver.com/index.php?page=support-polices" onclick="javascript:ga('send', 'event', 'Footer', 'Link', 'Product Support Policies');">Product Support Policies</a></li> <li><a href="https://www.windriver.com/company/" onclick="javascript:ga('send', 'event', 'Footer', 'Link', 'About Wind River');">About Wind River</a></li> <li><a href="https://www.windriver.com/news/" onclick="javascript:ga('send', 'event', 'Footer', 'Link', 'Newsroom');">Newsroom</a></li> <li><a href="https://www.windriver.com/company/contact/" onclick="javascript:ga('send', 'event', 'Footer', 'Link', 'Contact Us');">Contact Us</a></li> </ul> <div class="clearfix"></div> </div> <div class="wrsn-footer-menu-secondary"> <ul> <li><a rel="noopener" href="https://www.windriver.com/company/terms/" onclick="javascript:ga('send', 'event', 'Footer Secondary', 'Link' , 'Terms of Use');" target="_blank">Terms of Use</a></li> <li><a rel="noopener" href="https://www.windriver.com/company/terms/privacy.html" onclick="javascript:ga('send', 'event', 'Footer Secondary', 'Link' , 'Privacy');" target="_blank">Privacy</a></li> <li><a rel="noopener" href="https://support.windriver.com/ols/forms/olsfeedback.php" onclick="javascript:ga('send', 'event', 'Footer Secondary', 'Link' , 'Feedback');" target="_blank">Feedback</a></li> <li><a href="https://support2.windriver.com/index.php?page=rss" onclick="javascript:ga('send', 'event', 'Footer Secondary', 'Link' , 'RSS Feed');">RSS Feed</a></li> <li>© 2024 Wind River Systems, Inc.</li> </ul> <div class="clearfix"></div> </div> </div> <div class="wrsn-footer-social-menu"> <ul> <li><a rel="nofollow" href="http://www.linkedin.com/company/wind-river" onclick="javascript:ga('send', 'event', 'Footer Social', 'Link', 'Linkedin');"><img width="100%" height="100%" alt="Linkedin" src="https://support2.windriver.com/layout/admin/images/footer-menu-linkedin.png"></a></li> <li class="wrsn-is-fb"><a rel="nofollow" href="http://www.facebook.com/WindRiverSystems?sk=wall" onclick="javascript:ga('send', 'event', 'Footer Social', 'link', 'Facebook');"><img width="100%" height="100%" alt="Facebook" src="https://support2.windriver.com/layout/admin/images/footer-menu-facebook.png"></a></li> <li><a rel="nofollow" href="http://twitter.com/WindRiver" onclick="javascript:ga('send', 'event', 'Footer Social', 'Link', 'Twitter');"><img width="100%" height="100%" alt="Twitter" src="https://support2.windriver.com/layout/admin/images/footer-menu-twitter.png"></a></li> <li><a rel="nofollow" href="http://www.youtube.com/user/windriverchannel" onclick="javascript:ga('send', 'event', 'Footer Social', 'Link', 'Youtube');"><img width="100%" height="100%" alt="Youtube" src="https://support2.windriver.com/layout/admin/images/footer-menu-youtube.png"></a></li> </ul> <div class="clearfix"></div> </div> <div class="clearfix"></div> </div> </div><script type="text/javascript" src="https://support2.windriver.com/37e1b005a9784471dae0675f5c272fc0.js"></script> <div id="container_wrsn_holder"></div></body> </html>
