oss-sec mailing list archives
CVE request - Icinga 1.13.3 and older are vulnerable to XSS
From: Ricardo <ricardo () bitchbrothers com>
Date: Fri, 23 Oct 2015 23:01:55 +0200
Hi,

there is an XSS vulnerability in Icinga Classic-UI 1.13.3. This got originally introduced with this issue https://dev.icinga.org/issues/593 and version 1.3.

Example:
http://classic.demo.icinga.org/icinga/cgi-bin/status.cgi?host=all&'onmouseover='prompt(25435);'bad='

More info can be found in this issue: https://dev.icinga.org/issues/10453

Can we get a CVE assigned to track this?

Thanks to T-Systems Germany for finding it.

Thanks.

Cheers
Ricardo
Current thread:
- CVE request - Icinga 1.13.3 and older are vulnerable to XSS Ricardo (Oct 23)
- Re: CVE request - Icinga 1.13.3 and older are vulnerable to XSS cve-assign (Oct 29)