xss vulnerabilities in nagios 3.2.3

Ton Voon tonvoon at gmail.com
Mon Jun 13 10:55:11 CEST 2011


On 10 Jun 2011, at 09:57, Michael Friedrich wrote:

> hi,
> 
> on your tracker, 2 issues point to several xss vulnerabilities. since we've fixed them in icinga, and previous command expander needed an enhanced patch too, i decided to push that over here too while adding that patch to the omd package.
> 
> description is in icinga's dev tracker
> 
> https://dev.icinga.org/issues/1281
> https://dev.icinga.org/issues/1605
> 
> this is a combined fix of those 2 issues #207 #224 @ tracker.nagios.org, diff'ed against 3.2.3 release on holger's git repository.
> 
> feel free to accept it or not, as usual i won't provide any tests as user feedback was sufficient.

Thanks for the highlight. I've committed in 1741 with tests in 618cgisecurity.t to check for escaping of tags.

Ton


