[dev.icinga.com #10453] Icinga Classic-UI 1.13.3 and older are vulnerable to XSS - CVE-2015-8010 #1563
This issue has been migrated from Redmine: https://dev.icinga.com/issues/10453
Created by ricardo on 2015-10-23 20:24:35 +00:00
Due to my bad programming skills I introduced an XSS vulnerability in Classic-UI with the CSV export link and pagination feature.
This got originally introduced with this issue https://dev.icinga.org/issues/593 and version 1.3.
I already wrote a fix which just needs to be committed.
Thanks to T-Systems Germany for finding it.
2015-10-23 20:26:12 +00:00 by ricardo 5c816f5
2015-10-30 20:05:17 +00:00 by ricardo 31dd493
Updated by ricardo on 2015-10-23 21:28:59 +00:00
Updated by mfriedrich on 2015-10-29 21:31:06 +00:00
Seems it is there, go on please.
Updated by ricardo on 2015-10-30 20:09:53 +00:00
We got a CVE to track this issue.
Now in current master.
Updated by mfriedrich on 2015-10-30 22:14:06 +00:00