oss-sec mailing list archives

CVE Request: XSS in smokeping / start and end time fields not filtered


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 20 Jul 2013 09:13:44 +0200

Hi Kurt

There is another XSS fix which was done after the 2.6.9 release for
smokeping.

In [1] Steven Chamberlain pointed out that in 2.6.9 upstream the
"start" and "end" time fields are still not filtered.

Tobi Oetiker fixed this in a commit following the 2.6.9 release at
[2]. But this version is not yet released.

 [1] http://bugs.debian.org/659899#67
 [2] https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563

Does this also need a separate CVE, as a subsequent fix to the 2.6.9
release?

Regards,
Salvatore

