oss-sec mailing list archives
Re: CVE request - Icinga 1.13.3 and older are vulnerable to XSS
From: cve-assign () mitre org
Date: Thu, 29 Oct 2015 16:51:04 -0400 (EDT)
https://dev.icinga.org/issues/10453
Classic-UI with the CSV export link and pagination feature
The functions parsed QUERY_STRING from the environment without properly sanitizing it.
/cgi-bin/status.cgi?host=all&[XSS]
Use CVE-2015-8010.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
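
As an added illustration (not Icinga's code or its actual patch, and not part of the message above), the following C shows a CGI escaping QUERY_STRING before placing it inside a link's href attribute, which is the kind of link the report describes for the CSV export and pagination features. The names `html_escape` and `build_csv_link` and the `export=csv` parameter are hypothetical, and the sample query string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* HTML-escape src into dst (capacity cap). Returns 0 on success, -1 if the
 * result does not fit; dst is then emptied so no partial entity is emitted. */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (o + n >= cap) { dst[0] = '\0'; return -1; }
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Build an export link; the query string is escaped for the attribute
 * context before use. "export=csv" is a hypothetical parameter name. */
int build_csv_link(const char *query, char *out, size_t cap)
{
    char esc[1024];
    if (html_escape(query ? query : "", esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, cap,
                     "<a href=\"status.cgi?%s&amp;export=csv\">CSV</a>", esc);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char link[2048];
    const char *q = getenv("QUERY_STRING");
    if (!q) q = "host=all&\"><b>x</b>";  /* constructed sample input */
    if (build_csv_link(q, link, sizeof link) == 0) puts(link);
    return 0;
}
```
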
Current thread:
- CVE request - Icinga 1.13.3 and older are vulnerable to XSS Ricardo (Oct 23)
- Re: CVE request - Icinga 1.13.3 and older are vulnerable to XSS cve-assign (Oct 29)