[Pkg-nagios-devel] Bug#865497: check-mk: CVE-2017-9781: reflected XSS in webapi.py
carnil at debian.org
Thu Jun 22 03:16:03 UTC 2017
Tags: patch upstream security
Justification: user security hole
the following vulnerability was published for check-mk.
| A cross site scripting (XSS) vulnerability exists in Check_MK versions
| 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to
| attempting authentication to webapi.py, which is returned unencoded
| with content type text/html.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
More information about the Pkg-nagios-devel