Re: [Nagios-devel] xss vulnerabilities in nagios 3.2.3

Post by Guest »


On 10 Jun 2011, at 09:57, Michael Friedrich wrote:

> hi,
>
> on your tracker, 2 issues point to several xss vulnerabilities. since we've fixed them in icinga, and previous command expander needed an enhanced patch too, i decided to push that over here too while adding that patch to the omd package.
>
> description is in icinga's dev tracker
>
> https://dev.icinga.org/issues/1281
> https://dev.icinga.org/issues/1605
>
> this is a combined fix of those 2 issues #207 #224 @ tracker.nagios.org, diff'ed against 3.2.3 release on holger's git repository.
>
> feel free to accept it or not, as usual i won't provide any tests as user feedback was sufficient.

Thanks for the highlight. I've committed in 1741 with tests in 618cgisecurity.t to check for escaping of tags.

Ton







This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]