Advisories » MGASA-2015-0168

Updated ntop packages fix CVE-2014-4165

Publication date: 23 Apr 2015
Modification date: 23 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-4165

Description

Updated ntop package fixes security vulnerability:

Lack of filtering in the title parameter of links to rrdPlugin allowed
cross-site-scripting (XSS) attacks against users of the web interface
(CVE-2014-4165).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15723
• http://lists.opensuse.org/opensuse-updates/2015-04/msg00029.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4165

SRPMS

4/core

• ntop-5.0.1-4.1.mga4