oss-sec mailing list archives

CVE request - Icinga 1.13.3 and older are vulnerable to XSS


From: Ricardo <ricardo () bitchbrothers com>
Date: Fri, 23 Oct 2015 23:01:55 +0200

Hi,

there is an XSS vulnerability in Icinga Classic-UI 1.13.3.

This was originally introduced with this issue https://dev.icinga.org/issues/593 and version 1.3.

Example: http://classic.demo.icinga.org/icinga/cgi-bin/status.cgi?host=all&'onmouseover='prompt(25435);'bad='

More info can be found in this issue: https://dev.icinga.org/issues/10453

Can we get a CVE assigned to track this?

Thanks to T-Systems Germany for finding it. Thanks.

Cheers
Ricardo
