A cross-site scripting flaw was found in ntop's rrdPlugin plug-in. An attacker could use this flaw to perform cross-site scripting attacks against users of the ntop web interface.

Original report: http://packetstormsecurity.com/files/127043/ntop-xss.txt

The issue seems to be both with content inside the <title> tags, and any trailing content afterwards. The 5.0.7 version in Fedora 20 is definitely affected. I have not tested the 3.3.9 version in EPEL 5.
Created ntop tracking bugs for this issue:

Affects: fedora-all [bug 1110123]
Affects: epel-all [bug 1110124]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.