Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
When I visited the installed web page , I found this version has 2 Reflect Cross-site scripting (XSS) in the page. I found the apt-get installed the version 3.6.1 of ganglia-webfrontend default, maybe there are many ganglia users used apt-get to installed this ganglia-webfrontend version.
There some xss protect in the systen but can be by pass. attacter can use “onfocus” and “autofocus” to bypass.
Please confirm is it a serurity vulnerability .