From ${URL} : there is is a XSS vulnerability in Icinga Classic-UI 1.13.3. This got originally introduced with this issue https://dev.icinga.org/issues/593 and version 1.3. Example: http://classic.demo.icinga.org/icinga/cgi-bin/status.cgi?host=all&'onmouseover='prompt(25435);'bad=' More infos can be found in this issue: https://dev.icinga.org/issues/10453 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
arches, please stablize the following =net-analyzer/icinga-1.13.3
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
cleaned up
Arches and Maintainer(s), Thank you for your work. Security Please Vote. GLSA Vote: No
Hello, the vulnerabilitiy is also in Icinga Classic-UI 1.13.3! So this Problem still exist. It is fixed with this commit https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff/diff?format=diff
fixed in r1, arches please stablize the following =net-analyzer/icinga-1.13.3-r1
The file CVE-2015-8010_1.13.3.patch in git repo is empty.
ok, fixed it
Vote: NO.
GLSA Vote: No Thank you all. Closing as noglsa.