Debian Security Advisory
DSA-2651-1 smokeping -- cross-site scripting vulnerability
- Date Reported:
- 20 Mar 2013
- Affected Packages:
- smokeping
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 659899.
In Mitre's CVE dictionary: CVE-2012-0790. - More information:
-
A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the
displaymode
parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.For the stable distribution (squeeze), this problem has been fixed in version 2.3.6-5+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 2.6.7-1.
For the unstable distribution (sid), this problem has been fixed in version 2.6.7-1.
We recommend that you upgrade your smokeping packages.