Bug #3459
closed
XSS - snort package
Status: Resolved
Priority: High
Assignee: -
Category: Snort
Target version: -
Start date: 02/17/2014
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
There is no output encoding for the logfile variable, which leads to two reflected XSS points in the file snort_log_view.php, one after "Log File:" and the other inside the textarea. Example:
http://ip/snort/snort_log_view.php?logfile=</textarea>XSS<marquee>ss
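
The missing output encoding described in this report, shown beside an encoded version. This is an added example, not part of the original report and not the Snort package's code; the function names, the markup and the "Unable to read" textarea text are hypothetical, and it assumes the page echoes the logfile value at both points.

```php
<?php
// Added example: hypothetical reconstruction, not the Snort package's code.
// Assumption: the page echoes the "logfile" request value in two places,
// after "Log File:" and inside the <textarea>.

// Encode a value for HTML text and <textarea> (RCDATA) contexts.
function h(string $value): string
{
    // ENT_QUOTES keeps the helper safe for attribute values too;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": both sinks receive the raw request value.
function render_unencoded(string $logfile): string
{
    return "<p>Log File: {$logfile}</p>\n"
         . "<textarea readonly>Unable to read {$logfile}</textarea>\n";
}

// "After": the same markup with the value encoded at each sink.
function render_encoded(string $logfile): string
{
    $safe = h($logfile);
    return "<p>Log File: {$safe}</p>\n"
         . "<textarea readonly>Unable to read {$safe}</textarea>\n";
}

// True when the markup contains tags other than the template's own
// <p> and <textarea>, i.e. the value was interpreted as markup.
function has_injected_markup(string $html): bool
{
    $rest = str_replace(
        ['<p>', '</p>', '<textarea readonly>', '</textarea>'], '', $html, $count
    );
    // A raw "<" left over, or more than the four template tags removed
    // (an extra </textarea> closing the element early), means injection.
    return strpos($rest, '<') !== false || $count > 4;
}

// Constructed input: the logfile value from the report's example URL.
$logfile = '</textarea>XSS<marquee>ss';

foreach (['render_unencoded', 'render_encoded'] as $render) {
    $html = $render($logfile);
    echo $render, ': ', has_injected_markup($html) ? 'markup injected' : 'inert text', "\n";
    echo $html, "\n";
}
```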