Описание
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ganglia-web | fixed | 3.6.1-1 | package | |
| ganglia | not-affected | squeeze | package | |
| ganglia | fixed | 3.6.0-1 | package | |
| ganglia | no-dsa | wheezy | package |
Примечания
See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
ganglia-web and ganglia are now two separate source packages
starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
https://github.com/ganglia/ganglia-web/issues/218
https://github.com/ganglia/ganglia-web/commit/fbdf26542510c01931dac7856bb908f651ad05e6
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.