oss-sec mailing list archives
Re: CVE request: zabbix persistent XSS flaw
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 16 Dec 2011 15:25:52 -0700
On 12/16/2011 03:16 PM, Vincent Danen wrote:
> Could a CVE be assigned to this flaw? Zabbix 1.8.10rc1 was released to
> correct persistent cross-site scripting vulnerabilities due to improper
> sanitization of the gname variable when creating user and host groups.
>
> References:
>
> http://www.zabbix.com/rn1.8.10rc1.php
> https://support.zabbix.com/browse/ZBX-4015
> https://bugzilla.redhat.com/show_bug.cgi?id=768525
Please use CVE-2011-4615 for this issue.

--
-Kurt Seifried / Red Hat Security Response Team