oss-sec mailing list archives

Re: CVE request: XSS flaws fixed in ganglia


From: Raphael Geissert <atomo64 () gmail com>
Date: Thu, 21 Feb 2013 11:47:10 +0100

Hi,

On 8 February 2013 19:06, Vincent Danen <vdanen () redhat com> wrote:
> A number of XSS issues were fixed in ganglia's web ui:
>
> https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e

I've a hunch that there are a few issues with the changes. A quick
look at the patch shows that the change here breaks the preg_replace
call:

- $query_string = preg_replace("/(&trendhistory=)(\d+)/", "", $query_string);
+ $query_string = preg_replace("/(&trendhistory=)(\d+)/", "",
htmlspecialchars($query_string, ENT_QUOTES) );
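
Review bot: On the + line the subject is escaped before the pattern runs: htmlspecialchars($query_string, ENT_QUOTES) turns every & into &amp;, so the literal &trendhistory= that /(&trendhistory=)(\d+)/ looks for no longer occurs in the subject and the replacement never fires. Suggest removing the parameter from the raw string first and escaping the result, i.e. htmlspecialchars(preg_replace("/(&trendhistory=)(\d+)/", "", $query_string), ENT_QUOTES), or leaving this line as it was and escaping $query_string where it is written into the page.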

It looks as if the htmlspecialchars call was misplaced.  Not that it
is a security issue, but it's a bug.

Can anyone forward this upstream? I will try to take a look at the
rest of the patch later.

Cheers,
-- 
Raphael Geissert

