xss vulnerabilities in nagios 3.2.3
Ton Voon
tonvoon at gmail.com
Mon Jun 13 10:55:11 CEST 2011
On 10 Jun 2011, at 09:57, Michael Friedrich wrote:
> hi,
>
> on your tracker, 2 issues point to several xss vulnerabilities. since we've fixed them in icinga, and previous command expander needed an enhanced patch too, i decided to push that over her too while adding that patch to the omd package.
>
> description is in icinga's dev tracker
>
> https://dev.icinga.org/issues/1281
> https://dev.icinga.org/issues/1605
>
> this is a combined fix of those 2 issues #207 #224 @ tracker.nagios.org, diff'ed against 3.2.3 release on holger's git repository.
>
> feel free to to accept it or not, as usual i won't provide any tests as user feedback was sufficient.
Thanks for the highlight. I've committed in 1741 with tests in 618cgisecurity.t to check for escaping of tags.
Ton
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
More information about the Developers
mailing list