{ "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20131126 Re: CVE request: XSS flaw in Ganglia web interface", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/346" }, { "name": "https://github.com/ganglia/ganglia-web/issues/218", "refsource": "MISC", "url": "https://github.com/ganglia/ganglia-web/issues/218" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507" }, { "name": "gangliaweb-cve20136395-xss(89272)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89272" }, { "name": "55854", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55854" }, { "name": "http://www.rusty-ice.de/advisory/advisory_2013002.txt", "refsource": "MISC", "url": "http://www.rusty-ice.de/advisory/advisory_2013002.txt" }, { "name": "100380", "refsource": "OSVDB", "url": "http://osvdb.org/100380" } ] } }