30 Jul 2020, 4:33 a.m.
The report suggests that some variables are sanitised, but the two that were exploitable were not. It would probably be possible to simply apply the sanitisation code to these two variables, and it would remove the XSS vulnerability. I haven't reviewed the code, though.
I'm actually trying to understand how this could be exploited. Can you explain?
On Wed, 15 Jul 2020 at 22:46, Gatis Anerauds <gatis.anee at gmail.com> wrote:
Hi,
Looking for help. Does anyone know something about this rather old XSS vulnerability? https://infosec.rm-it.de/2012/04/08/xss-in-xymon/ It is kind of still there in the 4.3.30 version. Any ideas how it can be solved?
Regards,
Gatis
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon