[Xymon] Xymon 4.3.1 released (security fixes)
Henrik Størner
henrik at hswn.dk
Sun Apr  3 12:41:14 CEST 2011

Hi,

I have released Xymon version 4.3.1. It is available from Sourceforge at 
http://sourceforge.net/projects/xymon/ now.

The main reason for a release now following the 4.3.0 release just a 
month ago is to fix a security issue that was reported to me two days ago.

David Ferrest reported that the Xymon web interface was vulnerable to 
"cross-site scripting" attacks. After the initial report, I have gone 
through the web UI code and fixed several identical vulnerabilities 
leading to this release.

For those unfamiliar with cross-site scripting, here is the Wikipedia 
description:

"Cross-site scripting (XSS) is a type of computer security vulnerability 
typically found in web applications that enables malicious attackers to 
inject client-side script into web pages viewed by other users. An 
exploited cross-site scripting vulnerability can be used by attackers to 
bypass access controls such as the same origin policy. Cross-site 
scripting carried out on websites were roughly 80% of all security 
vulnerabilities documented by Symantec as of 2007. Their impact may 
range from a petty nuisance to a significant security risk, depending on 
the sensitivity of the data handled by the vulnerable site, and the 
nature of any security mitigations implemented by the site's owner."

(From http://en.wikipedia.org/wiki/Cross-site_scripting )

Regards,
Henrik
    
    