CVE-2007-6465 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G (4) me (5) x (6) n (7) v (8) l (9) vl and (10) st parameters to (b) web/graph.php; and the (11) c (12) G (13) h (14) r (15) m (16) s (17) cr (18) hc (19) sh (20) p (21) t (22) jr (23) js (24) gw (25) z and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
Reference
http://secunia.com/advisories/28116 http://sourceforge.net/project/shownotes.php?release_id=562168 http://www.osvdb.org/39515 http://www.osvdb.org/39516 http://www.osvdb.org/39517 http://www.securityfocus.com/bid/26895 http://www.vupen.com/english/advisories/2007/4250
Share on: