[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: zabbix persistent XSS flaw
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2011-12-16 22:25:52
Message-ID: 4EEBC570.2060100 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/16/2011 03:16 PM, Vincent Danen wrote:
> Could a CVE be assigned to this flaw?
>
> Zabbix 1.8.10rc1 was released to correct persistant cross-site
> scripting vulnerabilities due to improper sanitization of the gname
> variable when creating user and host groups.
>
> References:
>
> http://www.zabbix.com/rn1.8.10rc1.php
> https://support.zabbix.com/browse/ZBX-4015
> https://bugzilla.redhat.com/show_bug.cgi?id=768525
>
Please use CVE-2011-4615 for this issue.
- --
- -Kurt Seifried / Red Hat Security Response Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAEBAgAGBQJO68VwAAoJEBYNRVNeJnmT+4oP/jiCMcsybieFQ4Ds4IEsH52k
+8lGLSWER6vchRhjJZs7LNcHalsrGJTbnQtBPAAHF89m8kgYEE5jcaGuVzwaRmkP
IygrCyIBLKNguKUniwD7eUbkYXIJK3zKLqiYGIRKSet3T539foGzCo+4nYueTQZr
nI7dJeXdsyZe+2Z3AtYWfqtk7srNXAMf4KCRyITfcpDZt1iR4b2UQHuL/D/pcBJI
l4+q+QL1wnfXXYGzIELDga4WnOCWHyMa5IU9PRv0DFKnXLk4qxzyDrgbLRdw0OvB
m6mVj41eUe5zePUqEgWgeuLZ1aWzv2nGYsiNJOCSupD2loa1Lvh+7rrGbNJfS14W
SEP8FjLvqX+nYexyclt3wPQleLAw3CobjpUOVmdysFXxh7oUlEiS0mROkDflzz0F
Xqr6d8Jk9DysWhJ5E2Ciz466/0X53GXa7gD7Lk88ecZUTg+w0jCpci0z+Q887Mup
tgl4fbD/Rk/DhkJz35QBbnLp8oeAQIwnwO0iWkZC8wkGjQxuaOPqM2xEjIxNfn9f
bu8eqNJLoWrAy0lahnFhBrNm67YnJ3XAHK65/9IMhVnt+KufC9A44isknn/P7Iwl
diAjaOWwn4aWKjmuiGKLaguIaGzUql1tJQlFwVHXr36WQePuaIX/a3xkvSWLGefb
/zC7tkRNt2CnPAEnATur
=4mxv
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic