Source: ganglia-web
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for ganglia-web.

CVE-2024-52762[0]:
| A cross-site scripting (XSS) vulnerability in the component
| /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to
| execute arbitrary web scripts or HTML via a crafted payload injected
| into the "tz" parameter.

https://github.com/ganglia/ganglia-web/issues/382

CVE-2024-52763[1]:
| A cross-site scripting (XSS) vulnerability in the component
| /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows
| attackers to execute arbitrary web scripts or HTML via a crafted
| payload injected into the "g" parameter.

https://github.com/ganglia/ganglia-web/issues/382

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-52762
    https://www.cve.org/CVERecord?id=CVE-2024-52762
[1] https://security-tracker.debian.org/tracker/CVE-2024-52763
    https://www.cve.org/CVERecord?id=CVE-2024-52763

Please adjust the affected versions in the BTS as needed.