{"id":"USN-6550-1","summary":"postfixadmin vulnerabilities","details":"It was discovered that Smarty, that is integrated in the PostfixAdmin\ncode, was not properly sanitizing user input when generating templates. An\nattacker could, through PHP injection, possibly use this issue to execute\narbitrary code. (CVE-2022-29221)\n\nIt was discovered that Moment.js, that is integrated in the PostfixAdmin\ncode, was using an inefficient parsing algorithm when processing date\nstrings in the RFC 2822 standard. An attacker could possibly use this\nissue to cause a denial of service. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-31129)\n\nIt was discovered that Smarty, that is integrated in the PostfixAdmin\ncode, was not properly escaping JavaScript code. An attacker could\npossibly use this issue to conduct cross-site scripting attacks (XSS).\n(CVE-2023-28447)\n","modified":"2026-04-24T09:45:14.210875Z","published":"2023-12-12T12:15:17Z","related":["UBUNTU-CVE-2022-29221","UBUNTU-CVE-2022-31129","UBUNTU-CVE-2023-28447"],"upstream":["CVE-2022-29221","CVE-2022-31129","CVE-2023-28447","UBUNTU-CVE-2022-29221","UBUNTU-CVE-2022-31129","UBUNTU-CVE-2023-28447"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6550-1"}],"affected":[{"package":{"name":"postfixadmin","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/postfixadmin@3.0.2-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.2-2ubuntu0.1~esm1"}]}],"versions":["3.0.2-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"postfixadmin","binary_version":"3.0.2-2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6550-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[]}}},{"package":{"name":"postfixadmin","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/postfixadmin@3.2.1-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.1-3ubuntu0.1~esm1"}]}],"versions":["3.2.1-2","3.2.1-3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"postfixadmin","binary_version":"3.2.1-3ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6550-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[]}}},{"package":{"name":"postfixadmin","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/postfixadmin@3.3.10-2ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.10-2ubuntu0.1~esm1"}]}],"versions":["3.3.7-1","3.3.10-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"postfixadmin","binary_version":"3.3.10-2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6550-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[]}}}],"schema_version":"1.7.5"}