CVE-2012-0869 — fex - cross-site scripting

Description

Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

How to fix CVE-2012-0869

To remediate CVE-2012-0869, upgrade the affected package to a fixed version below.

Debian/fex—upgrade to 20120215-1 or later
Debian/fex—upgrade to 20100208+debian1-1+squeeze2 or later

Is CVE-2012-0869 being exploited?

Moderate — EPSS is 11.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 20120215-1
from 0, < 20100208+debian1-1+squeeze2

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-0869