xss and other bugs ...
Bug #777801 reported by David
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ntop | Unknown | Unknown | | |
ntop (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: ntop
The ntop package, despite being really buggy, is also vulnerable to XSS and probably many other kinds of web security bugs.
I am reporting two XSS bugs below.
http://
Recommendation:
1. Don't use GET to set stuff; you use POST for that... :/
2. Use CSRF tokens.
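The two recommendations above, together with output escaping for the XSS class, as an added example that is not part of the original report and is not ntop's code. It is a hypothetical Python settings handler; `SERVER_KEY`, `handle_set_preference`, the session id and the form field names are all assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets

# Assumption: a per-process secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Return a token bound to one session: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, token: str) -> bool:
    """Check a submitted token against the one expected for this session."""
    expected = issue_csrf_token(session_id)
    # compare_digest does not reveal how many leading characters matched.
    return hmac.compare_digest(expected.encode(), token.encode())


def handle_set_preference(method: str, session_id: str, form: dict, prefs: dict):
    """Hypothetical state-changing handler; returns (status, html_body)."""
    # Recommendation 1: state changes are accepted over POST only, so a link
    # or image tag on another site cannot trigger them with a plain GET.
    if method != "POST":
        return 405, "<p>Settings can only be changed with POST.</p>"
    # Recommendation 2: the request must carry the token issued to this session.
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return 403, "<p>Missing or invalid CSRF token.</p>"
    name, value = form.get("name", ""), form.get("value", "")
    prefs[name] = value  # stored as submitted
    # XSS: escape user-controlled data at the point it is written into HTML.
    return 200, "<p>Set {} to {}</p>".format(html.escape(name), html.escape(value))
```

The token is stored nowhere; it is recomputed from the session id on each request, so it stays valid only while `SERVER_KEY` is unchanged.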
Changed in ntop (Ubuntu):
assignee: nobody → Kees Cook (kees)
Changed in ntop (Ubuntu):
status: Confirmed → Fix Committed
It isn't likely that an extended period of "being private" would serve anyone's benefit, so I have made this public.
I have made attempts to contact the developer - but none have received any kind of response.