Another XSS was reported [1] in smokeping, regarding the "start" and "end" time fields. These fields are not properly filtered. This has been fixed in upstream git [2]. [1] http://seclists.org/oss-sec/2013/q3/156 [2] https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
Created smokeping tracking bugs for this issue: Affects: fedora-all [bug 986522]
This was assigned CVE-2013-4168; see http://seclists.org/oss-sec/2013/q3/193
smokeping-2.6.9-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
smokeping-2.6.9-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.