PNP4Nagios XSS

2014.07.03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Good morning, As reported at <https://bugs.gentoo.org/show_bug.cgi?id=516078> and <http://docs.pnp4nagios.org/pnp-0.6/dwnld>, PNP4Nagios pnp-0.6.22 fixes a cross-site scripting issue. This may be the fix: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/ share/pnp/application/views/kohana_error_page.php Diff Switch to side-by-side view --- a/share/pnp/application/views/kohana_error_page.php +++ b/share/pnp/application/views/kohana_error_page.php @@ -28,7 +28,7 @@ <div style="padding: 0pt 0.7em;" class="ui-state-error ui-corner-all"> <h3>Please check the documentation for information about the following error.</h3> -<p><?php echo $message ?></p> +<p><?php echo html::specialchars($message) ?></p> <?php if ( ! empty($line) AND ! empty($file)): ?> <h3>file [line]:</h3> <p><?php echo Kohana::lang('core.error_file_line', $file, $line) ?></p> Can a CVE please be assigned? Thanks, -- Murray McAllister
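Review bot: In the trailing context of this hunk, `<p><?php echo Kohana::lang('core.error_file_line', $file, $line) ?></p>` still echoes `$file` and `$line` into the error page unescaped, while only `$message` gains `html::specialchars()`. If either value can carry request-derived text, wrap that output the same way. More generally, the view should escape every variable it prints so the error page does not rely on callers passing clean strings.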

References:

http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/

