Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Two XSS issue found in 3.6.1 #351

Open
1iK3 opened this issue Dec 17, 2019 · 4 comments
Open

Two XSS issue found in 3.6.1 #351

1iK3 opened this issue Dec 17, 2019 · 4 comments

Comments

@1iK3
Copy link

1iK3 commented Dec 17, 2019

When I visited the installed web page , I found this version has 2 Reflect Cross-site scripting (XSS) in the page. I found the apt-get installed the version 3.6.1 of ganglia-webfrontend default, maybe there are many ganglia users used apt-get to installed this ganglia-webfrontend version.

header.php
411 $custom_time = "or <span class="nobr">from <input type="TEXT" title="$examples" NAME="cs" ID="datepicker-cs" SIZE="17"";
412 if ($cs)
413 $custom_time .= " value="$cs"";
414 $custom_time .= "> to <input type="TEXT" title="$examples" name="ce" ID="datepicker-ce" SIZE="17"";
415 if ($ce)
416 $custom_time .= " value="$ce"";
417 $custom_time .= "> <input type="submit" value="Go">\n";

There some xss protect in the systen but can be by pass. attacter can use “onfocus” and “autofocus” to bypass.
url1:
/ganglia/?r=hour&cs=&ce=hou7z%22%20onfocus%3ddocument.location%3d1%20autofocus%3d%20oqqfa&c=unspecified&h=&tab=m&vn=&hide-hf=false
url2:
/ganglia/?r=hour&cs=quxfd%22%20onfocus%3ddocument.location%3d1%20autofocus%3d%20wp7f3&ce=&c=unspecified&h=&tab=m&vn=&hide-hf=false

Please confirm is it a serurity vulnerability .

@1iK3 1iK3 changed the title Two XSS issue found in Two XSS issue found in 3.6.1 Dec 17, 2019
@carnil
Copy link

carnil commented Jan 11, 2020

Two CVEs were aparently assigned: CVE-2019-20378 and CVE-2019-20379.

@NicoleG25
Copy link

@vvuksan is there any plan to address these vulnerabilities? :)
Cheers !

@solbu
Copy link

solbu commented May 13, 2021

Could this have been fixed with this commit? -> ab90903
The commit message indicate that an XSS error was fixed.

@vvuksan
Copy link
Member

vvuksan commented May 13, 2021

I have not been able to reproduce it from the main branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants