'[oss-security] Re: CVE request - Icinga 1.13.3 and older are vulnerable to XSS'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request - Icinga 1.13.3 and older are vulnerable to XSS
From:       cve-assign () mitre ! org
Date:       2015-10-29 20:51:04
Message-ID: 20151029205104.BDBB4B2E09D () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://dev.icinga.org/issues/10453

> Classic-UI with the CSV export link and pagination feature

> The functions parsed QUERY_STRING from the environment without
> properly sanitizing it.

> /cgi-bin/status.cgi?host=all&[XSS]

Use CVE-2015-8010.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWMoZFAAoJEL54rhJi8gl5Q7oP/A1ALnCznQCfABA13OjO0gPQ
7AAhmJ7ehF75Zhj+5HrGl4AzqxdFQ36jGGVhFvedBBCt6GKEGmdz5w3LXcMW0fUx
oV3Fj5odzUJzscnZhzVvDdoce6hFJaXhuTOtdEhU2TBNr1tf6HwzXhT5nbOcfOAa
lFi5KFVCFhXBtk0yCzufCoFEb6ey6xkNXxTI5xiSxtyngE5rPW6/Iczqsj5cVC5B
FhYwmnLa7L+wrW8wy4/9DaQRedKWYpZpwCpfoFyDykVNuoIFFkRVKlyM53tnBmS0
j7cHHVfQezAJSK/Yr40PcYsSP6lNKydMArzDoo8n5qWMN5TkjSAVFg+B4pq0CHCY
/TjTXM8AMGlMIrQldxfPVrIYvwrU5FYGHgONNf2yFDfaCCUTgbNrwEize4WgwzJV
VsUpKgY/WV00LS5WmfzD6mPhz9kdewKaBiLpOg4lFY5szB+qpjdzhW9a48VOHmQZ
6mut47yGovCoiZZGf2AHmEjwIoaiQu7qYJfUSsU5aRfpKSMlXxatWkR/imwJ4acU
IwCkdbYnORwx/umNqhVGtEgvVonwdSwF3DpIDvduCxnI4TsGgvZ9VF7DbW45/kT2
XuXiaRRD2YS5RFlF7fm3GDe5sXWER8+BgqXZqynkXvo7/ZRc44gWPU/4WKdvbS/+
5zpre8b5xsrn4rroQTOX
=CtNa
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic