The report suggests that some variables are sanitised, but the two that
were exploitable were not. It would probably be possibly to simply apply
the sanitisation code to these two variables, and it would remove the XSS
vulnerability. I haven't reviewed the code, though.
I'm actually trying to understand how this could be exploited. Can you
explain?
On Wed, 15 Jul 2020 at 22:46, Gatis Anerauds <user-e47f4dceddb4@xymon.invalid> wrote:
Hi,
Looking for help.
Does anyone know something about this rather old XSS vulnerability?
https://infosec.rm-it.de/2012/04/08/xss-in-xymon/
It is kind of still there in the 4.3.30 version.
Any ideas how can it be solved?
Regards
Gatis