Summary
The host is installed with Ganglia Web and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in context of an affected site.
Impact Level: Application
Solution
Update to version 3.5.8 or later,
For updates refer to http://ganglia.info
Insight
Input passed via the 'view_name' GET parameter to views_view.php is not properly sanitised before being returned to the user.
Affected
Ganglia Web version 3.5.7, Other versions may also be affected.
Detection
Send a crafted data via HTTP GET request and check whether it is able read the cookie or not.
References
Severity
Classification
-
CVE CVE-2013-1770 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- An Image Gallery Directory Traversal Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities