Summary
Multiple cross-site scripting (XSS) vulnerabilities have been discovered in extplorer, a web file explorer and manager using Ext JS.
A remote attacker can inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copy_move.php, functions.php, header.php and upload.php.
Solution
For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.0b6+dfsg.2-1+squeeze2.
For the stable distribution (wheezy), this problem has been fixed in version 2.1.0b6+dfsg.3-4+deb7u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your extplorer packages.
Insight
extplorer is a web-based file manager. You can use it to:
* browse directories and files on the server,
* edit, copy, move, delete files,
* search, upload and download files,
* create and extract archives,
* create new files and directories,
* change file permissions (chmod) and much more...
Affected
extplorer on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-5951
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N