[Xymon] Xymon and XSS vulnerability

Jeremy Laidman jeremy at laidman.org
Thu Jul 30 06:33:45 CEST 2020


The report suggests that some variables are sanitised, but the two that
were exploitable were not. It would probably be possible to simply apply
the sanitisation code to these two variables, and it would remove the XSS
vulnerability. I haven't reviewed the code, though.

I'm actually trying to understand how this could be exploited. Can you
explain?

On Wed, 15 Jul 2020 at 22:46, Gatis Anerauds <gatis.anee at gmail.com> wrote:

> Hi,
>
> Looking for help.
> Does anyone know something about this rather old XSS vulnerability?
> https://infosec.rm-it.de/2012/04/08/xss-in-xymon/
> It is kind of still there in the 4.3.30 version.
> Any ideas how it can be solved?
>
> Regards
> Gatis