RULE(RULE ID:338786)

Rule General Information
Release Date: 2025-04-08
Rule Name: Ganglia Web Interface Cross Site Scripting Vulnerability (CVE-2024-52762)
Severity:
CVE ID:
Rule Protection Details
Description: Ganglia is a distributed system monitoring tool that enables real-time monitoring and data analysis of servers. It uses a tree-structured topology to describe the relationships between systems and the network, and supports a variety of metrics. A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.
Impact: If an affected version is installed, an attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy.
Affected OS: Windows, Linux, Others
Reference: https://github.com/ganglia/ganglia-web/issues/382
Solutions
Please contact the software vendor to obtain and apply the software patch.