CVE-2013-0275
published 2013-03-14
CVE-2013-0275: Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified…
Priority P418 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.93% (77.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ganglia | < ganglia 3.6.0-1 (bookworm) | ganglia 3.6.0-1 (bookworm) |
| debian | ganglia-web | < ganglia 3.6.0-1 (bookworm) | ganglia 3.6.0-1 (bookworm) |
| ganglia | ganglia | >= 0 < 3.6.0-1 | 3.6.0-1 |
| ganglia | ganglia-web | <= 3.5.5 | — |
| ganglia | ganglia-web | — | — |
| ganglia | ganglia-web | >= 0 < 3.5.8-3 | 3.5.8-3 |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 4.3 · MEDIUM
vendor_debian · 4.3 · LOW
GHSA
GHSA-g57r-hv37-c5q8: Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3
ghsa_unreviewed·2022-05-05
CVE-2013-0275 [MEDIUM] CWE-79 GHSA-g57r-hv37-c5q8: Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
OSV
CVE-2013-0275: Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3
osv·2013-03-14·CVSS 4.3
CVE-2013-0275 [MEDIUM] CVE-2013-0275: Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Debian
CVE-2013-0275: ganglia - Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 ...
vendor_debian·2013·CVSS 4.3
CVE-2013-0275 [MEDIUM] CVE-2013-0275: ganglia - Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 ...
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 3.6.0-1)
bullseye: resolved (fixed in 3.6.0-1)
sid: resolved (fixed in 3.6.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937)
bugzilla·2013-02-20·CVSS 10.0
CVE-2013-1484 [CRITICAL] CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937)
It was discovered that MethodHandleProxies implementation of the new reflection API in OpenJDK did not properly check privileges of the code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Upstream commit, as included in IcedTea7 repositories:
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/11c26eb70acb
External Reference:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2013:0275 https://rhn.redhat.com/errata/RHSA-2013-0275.html
---
This issue has been addr
Bugzilla
CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)
bugzilla·2013-02-20·CVSS 5.0
CVE-2013-1485 [MEDIUM] CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)
It was discovered that MethodHandles implementation of the new reflection API in OpenJDK did not properly check privileges of the code. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
Upstream commit, as included in IcedTea7 repositories:
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/93fe582a92a4
External Reference:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2013:0275 https://rhn.redhat.com/errata/RHSA-2013-0275.html
---
This issue has been addresse
Bugzilla
CVE-2013-0275 ganglia: several XSS flaws in ganglia-web [epel-all]
bugzilla·2013-02-08·CVSS 4.3
CVE-2013-0275 [MEDIUM] CVE-2013-0275 ganglia: several XSS flaws in ganglia-web [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects m
Bugzilla
CVE-2013-0275 CVE-2013-1770 ganglia: several XSS flaws in ganglia-web
bugzilla·2013-01-07·CVSS 4.3
CVE-2013-0275 [MEDIUM] CVE-2013-0275 CVE-2013-1770 ganglia: several XSS flaws in ganglia-web
A number of XSS flaws were reported in the Ganglia web frontend.
These flaws are not currently public.
Discussion:
Looks like the fixes for these are here:
https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
---
Created ganglia tracking bugs for this issue
Affects: fedora-all [bug 892301]
Affects: epel-all [bug 909427]
---
CVE request:
http://www.openwall.com/lists/oss-security/2013/02/08/5
---
The CVE identifier of CVE-2013-0275 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2013/02/08/6
---
There are other unfixed XSS issues as noted here:
http://www.openwall.com/lists/oss-security/2013/02/26/11
They received the name CVE-2013-1770
---
C
http://ganglia.info/?p=566
http://www.openwall.com/lists/oss-security/2013/02/08/6
http://www.securityfocus.com/bid/58204
https://bugzilla.redhat.com/show_bug.cgi?id=892823
https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
Published: 2013-03-14