CVE-2018-1000528
Description
GONICUS GOsa versions before commit 56070d6289d47ba3f5918885954dcceb75606001 contain a Cross-Site Scripting (XSS) vulnerability in the change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appears to be exploitable when the victim opens a specially crafted web page. This vulnerability appears to have been fixed after commit 56070d6289d47ba3f5918885954dcceb75606001.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- (no CPE) range: 2.7.5, 2.7.5.1, 2.7.5.2
- (no CPE) range: before commit 56070d6289d47ba3f5918885954dcceb75606001
Patches
Vulnerability mechanics
Root cause
"Missing HTML escaping of the uid parameter in the password change form allows injection of arbitrary web script."
Attack vector
An attacker can craft a malicious URL or web page that supplies a `uid` parameter containing embedded JavaScript or HTML. When a victim opens that crafted page, the unescaped `uid` value is rendered in the change password form, causing arbitrary script execution in the victim's browser. Because the value arrives in the request and is echoed back into the page, this is a reflected Cross-Site Scripting (XSS) attack.
Affected code
The vulnerability is in `html/password.php` at line 308, where the `$uid` variable was assigned to the Smarty template without HTML escaping. The patch changes this to `set_post($uid)`, which escapes HTML entities before assignment.
What the fix does
The commit wraps the `$uid` variable with `set_post()` before assigning it to the Smarty template. `set_post()` HTML-encodes special characters, preventing injected script tags or HTML from being interpreted by the browser. This closes the XSS vector by ensuring user-controlled input is safely rendered as text.
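The before/after behaviour described above, as an added PHP illustration that is not GOsa's code: `htmlspecialchars()` stands in for `set_post()`, and `render_password_form()` and `inspect_form()` are hypothetical helpers replacing the Smarty template. The `uid` value is a constructed, harmless sample.

```php
<?php
// Added illustration, not GOsa code. Sample input below is constructed.

// Assumption: htmlspecialchars() stands in for the set_post() call named in the fix.
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical minimal template standing in for the Smarty password form.
function render_password_form(string $uid): string
{
    return '<form method="post"><input type="text" name="uid" value="'
         . $uid . '"></form>';
}

// Parse the rendered form as HTML and report which elements it contains
// and what value the uid field ends up holding.
function inspect_form(string $html): array
{
    libxml_use_internal_errors(true); // collect parser warnings instead of printing them
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $names = [];
    foreach ($doc->getElementsByTagName('*') as $element) {
        $names[] = $element->nodeName;
    }
    $input = $doc->getElementsByTagName('input')->item(0);

    return [
        'elements'  => array_values(array_diff($names, ['html', 'body'])),
        'uid_value' => $input ? $input->getAttribute('value') : null,
    ];
}

// Constructed sample: harmless markup that closes the value attribute early.
$uid = '"><b id="injected">x</b>';

$before = inspect_form(render_password_form($uid));                  // pre-fix: raw value
$after  = inspect_form(render_password_form(escape_for_html($uid))); // post-fix: escaped value

echo 'unescaped: ', json_encode($before), PHP_EOL;
echo 'escaped:   ', json_encode($after), PHP_EOL;
```

In the unescaped render the parser reports an extra `b` element and an empty `uid` value; in the escaped render only `form` and `input` remain and the field holds the original string as plain text.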
Preconditions
- input: The victim must open a specially crafted web page or URL that supplies a malicious uid parameter to the password change form.
- config: The application must be running a version prior to commit 56070d6289d47ba3f5918885954dcceb75606001.
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.debian.org/security/2018/dsa-4239 (mitre, vendor-advisory, x_refsource_DEBIAN)
- github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001 (mitre, x_refsource_MISC)
- github.com/gosa-project/gosa-core/issues/14 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2018/07/msg00028.html (mitre, mailing-list, x_refsource_MLIST)