oss-security December 2011 archive

[oss-security] CVE request: zabbix persistent XSS flaw

From: Vincent Danen <vdanen_at_nospam>
Date: Fri Dec 16 2011 - 22:16:02 GMT
To: oss-security@lists.openwall.com

Could a CVE be assigned to this flaw?

Zabbix 1.8.10rc1 was released to correct persistent cross-site
scripting vulnerabilities due to improper sanitization of the gname
variable when creating user and host groups.

References:

http://www.zabbix.com/rn1.8.10rc1.php
https://support.zabbix.com/browse/ZBX-4015
https://bugzilla.redhat.com/show_bug.cgi?id=768525

-- Vincent Danen / Red Hat Security Response Team