CVE-2011-5081

NameCVE-2011-5081
DescriptionCross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs661011

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
backuppc (PTS)jessie3.3.0-2+deb8u1fixed
stretch3.3.1-4fixed
buster3.3.2-2+deb10u1fixed
bullseye4.4.0-3fixed
bookworm4.4.0-8fixed
sid, trixie4.4.0-10fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
backuppcsourcesqueeze3.1.0-9.1
backuppcsource(unstable)3.1.0-9.1low661011

Notes

[lenny] - backuppc <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems