Web application abuses : Ganglia Web < 3.5.8 XSS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804557

Categoría: Web application abuses

Título: Ganglia Web < 3.5.8 XSS Vulnerability - Active Check

Resumen: Ganglia Web is prone to a cross-site scripting (XSS); vulnerability.

Descripción: Summary:
Ganglia Web is prone to a cross-site scripting (XSS)
vulnerability.

Vulnerability Insight:
Input passed via the 'view_name' GET parameter to
views_view.php is not properly sanitised before being returned to the user.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute
arbitrary HTML and script code in a users browser session in context of an affected site.

Affected Software/OS:
Ganglia Web version 3.5.7 and probably prior.

Solution:
Update to version 3.5.8 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1770
52673
http://secunia.com/advisories/52673
[oss-security] 20130221 Re: CVE request: XSS flaws fixed in ganglia
http://www.openwall.com/lists/oss-security/2013/02/21/12
[oss-security] 20130226 Re: CVE request: XSS flaws fixed in ganglia
http://www.openwall.com/lists/oss-security/2013/02/26/11
ganglia-viewsview-xss(82468)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82468
https://bugzilla.redhat.com/show_bug.cgi?id=892823
https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6
https://github.com/ganglia/ganglia-web/issues/160
Common Vulnerability Exposure (CVE) ID: CVE-2013-0275
58204
http://www.securityfocus.com/bid/58204
[oss-security] 20130208 Re: CVE request: XSS flaws fixed in ganglia
http://www.openwall.com/lists/oss-security/2013/02/08/6
http://ganglia.info/?p=566
https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804557
Categoría:	Web application abuses
Título:	Ganglia Web < 3.5.8 XSS Vulnerability - Active Check
Resumen:	Ganglia Web is prone to a cross-site scripting (XSS); vulnerability.
Descripción:	Summary: Ganglia Web is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Input passed via the 'view_name' GET parameter to views_view.php is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in context of an affected site. Affected Software/OS: Ganglia Web version 3.5.7 and probably prior. Solution: Update to version 3.5.8 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1770 52673 http://secunia.com/advisories/52673 [oss-security] 20130221 Re: CVE request: XSS flaws fixed in ganglia http://www.openwall.com/lists/oss-security/2013/02/21/12 [oss-security] 20130226 Re: CVE request: XSS flaws fixed in ganglia http://www.openwall.com/lists/oss-security/2013/02/26/11 ganglia-viewsview-xss(82468) https://exchange.xforce.ibmcloud.com/vulnerabilities/82468 https://bugzilla.redhat.com/show_bug.cgi?id=892823 https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6 https://github.com/ganglia/ganglia-web/issues/160 Common Vulnerability Exposure (CVE) ID: CVE-2013-0275 58204 http://www.securityfocus.com/bid/58204 [oss-security] 20130208 Re: CVE request: XSS flaws fixed in ganglia http://www.openwall.com/lists/oss-security/2013/02/08/6 http://ganglia.info/?p=566 https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
Copyright	Copyright (C) 2014 Greenbone AG