ganglia / ganglia-web

Ganglia Web Frontend
BSD 3-Clause "New" or "Revised" License

Fix XSS from OBB-1005024 #353

Closed m0zes closed 3 years ago

m0zes commented 4 years ago

OpenBugBounty found an issue with my Ganglia instance.

It looks like there is an XSS opportunity within the g URL parameter for graph_all_periods.php.

I was able to replicate, so I went ahead and wrapped g, h, m, embed, and mobile with the sanitize function.

Once wrapped, I was unable to replicate the OBB XSS issue.
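The pattern the PR describes, reading each reflected request parameter through a sanitizing wrapper before it reaches the HTML, as an added PHP example that is not ganglia-web's own code: the sanitize() here is a stand-in built on htmlspecialchars, not the project's sanitize function, and the request values are constructed for a stand-alone run.

```php
<?php
// Added example (not ganglia-web's code). Shows the fix pattern from the PR:
// every request parameter echoed into HTML goes through sanitize() first.
// This sanitize() is a stand-in using htmlspecialchars, not the project's own.

// Escape <, >, &, " and ' so a value like "<script>alert(1)</script>" is
// rendered as text by the browser instead of being executed.
function sanitize(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Read a GET parameter, defaulting to '' when absent, and sanitize it once at
// the point of access so no later code can pick up the raw value by mistake.
function param(string $name): string {
    return isset($_GET[$name]) ? sanitize((string) $_GET[$name]) : '';
}

// Constructed request for a stand-alone run (php this_file.php). In a real
// request PHP fills $_GET from the query string; the g value below carries a
// typical reflected-XSS probe.
if (PHP_SAPI === 'cli') {
    $_GET = [
        'g'      => "network_report'><script>alert(1)</script>",
        'h'      => 'host1.example',
        'm'      => 'load_one',
        'embed'  => '1',
        'mobile' => '0',
    ];
}

// The five parameters named in the PR, each wrapped on read.
$g      = param('g');
$h      = param('h');
$m      = param('m');
$embed  = param('embed');
$mobile = param('mobile');

// Vulnerable form (reflected XSS): the raw parameter is concatenated into markup.
//   echo "<a href='graph.php?g=" . $_GET['g'] . "'>";
// Hardened form: only the escaped values reach the page, and the link's
// query-string separators are themselves HTML-encoded as &amp;.
echo "<a href='graph.php?g=" . $g . "&amp;h=" . $h . "&amp;m=" . $m
   . "&amp;embed=" . $embed . "&amp;mobile=" . $mobile . "'>"
   . "Graph " . $g . " on " . $h . "</a>\n";
```

Running it prints the probe with its quote and angle brackets converted to entities, so the anchor closes where the developer intended and no script element is created.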