oss-sec mailing list archives

CVE request: zabbix persistent XSS flaw

From: Vincent Danen <vdanen () redhat com>
Date: Fri, 16 Dec 2011 15:16:02 -0700

Could a CVE be assigned to this flaw?

Zabbix 1.8.10rc1 was released to correct persistant cross-site
scripting vulnerabilities due to improper sanitization of the gname
variable when creating user and host groups.

References:

http://www.zabbix.com/rn1.8.10rc1.php
https://support.zabbix.com/browse/ZBX-4015
https://bugzilla.redhat.com/show_bug.cgi?id=768525

--

Vincent Danen / Red Hat Security Response Team

Current thread:

CVE request: zabbix persistent XSS flaw Vincent Danen (Dec 16)
- Re: CVE request: zabbix persistent XSS flaw Kurt Seifried (Dec 16)