Monitorix HTTP Server 'handle_request()' Session Fixation and Cross Site Scripting Vulnerabilities

Monitorix is prone to a cross-site scripting vulnerability and an unspecified session-fixation vulnerability.

Successfully exploiting these vulnerabilities will allow attackers to execute arbitrary script code in a user's browser in the context of the Web server process, access sensitive data, or hijack a user's session.

Versions prior to Monitorix 3.40 are vulnerable.


 

Copyright 2010, SecurityFocus