PT-2012-1055 · Debian · Smokeping

Vincent Danen

·

Published

2012-01-24

·

Updated

2012-01-25

·

CVE-2012-0790

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Smokeping versions 2.4.2 through 2.6.6
Description

The issue is a cross-site scripting (XSS) vulnerability in the smokeping.cgi component of the Smokeping package shipped with Debian GNU/Linux. The script does not sanitize the displaymode request parameter before echoing it into the generated page, so a remote, unauthenticated attacker who gets a user to open a crafted URL can inject arbitrary web script or HTML that runs in the victim's browser in the context of the Smokeping site. The impact is a breach of the integrity of protected information (CVSS I:P); confidentiality and availability are not directly affected, and exploitation needs user interaction, which is why access complexity is rated medium.
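An added example, not code from this advisory or from the Smokeping project, showing how to check whether a given smokeping.cgi echoes displaymode unescaped. The probe marker executes nothing; it only contains the quote and angle-bracket characters a payload would need, so an escaped echo can be told apart from a raw one. The URL path, the marker and the two sample response bodies are assumptions and constructed test data, not captured Smokeping output; only run the live check against hosts you are authorized to test.

```python
"""Reflected-XSS check for the smokeping.cgi displaymode parameter (CVE-2012-0790).

Added illustration, not code from the Smokeping project or this advisory.
The URL, the probe marker and the sample bodies below are assumptions /
constructed data.
"""
import html
import urllib.parse
import urllib.request

# Benign marker: contains the characters an XSS payload needs, but runs nothing.
PROBE = 'pt1055"><x>'


def build_probe_url(base_url: str, probe: str = PROBE) -> str:
    """Return base_url with a percent-encoded displaymode=<probe> appended."""
    parsed = urllib.parse.urlsplit(base_url)
    query = dict(urllib.parse.parse_qsl(parsed.query, keep_blank_values=True))
    query["displaymode"] = probe
    return urllib.parse.urlunsplit(
        parsed._replace(query=urllib.parse.urlencode(query))
    )


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Classify how a response body echoes the probe.

    'unescaped' - probe appears verbatim: the parameter is reflected raw
    'escaped'   - only an HTML-entity-encoded form appears: output is encoded
    'absent'    - the probe is not echoed at all
    """
    if probe in body:
        return "unescaped"
    escaped = html.escape(probe, quote=True)
    # Perl encoders may emit &#34; instead of &quot; for a double quote.
    alt = escaped.replace("&quot;", "&#34;")
    if escaped in body or alt in body:
        return "escaped"
    return "absent"


def check_live(base_url: str, timeout: float = 10.0) -> str:
    """Fetch the probe URL and classify the reflection (needs network access)."""
    with urllib.request.urlopen(build_probe_url(base_url), timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify_reflection(body)


# Constructed sample responses (not real Smokeping output) for the two outcomes.
SAMPLE_VULNERABLE = '<a href="smokeping.cgi?displaymode=pt1055"><x>">Display</a>'
SAMPLE_FIXED = (
    '<a href="smokeping.cgi?displaymode=pt1055&quot;&gt;&lt;x&gt;">Display</a>'
)

if __name__ == "__main__":
    # Assumed hostname; replace with an instance you are allowed to test.
    url = "http://monitor.example/smokeping/smokeping.cgi?target=LAN"
    print("probe url:", build_probe_url(url))
    print("vulnerable sample:", classify_reflection(SAMPLE_VULNERABLE))
    print("fixed sample:     ", classify_reflection(SAMPLE_FIXED))
```

A result of "unescaped" means the raw marker came back in the HTML and the instance needs the update; "escaped" indicates output encoding is in place; "absent" means the value was not reflected in that page at all and other code paths would still need checking.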
Recommendations

For Smokeping versions 2.4.2 through 2.6.6, update to version 2.6.7 or later; on Debian, install the fixed package from DSA-2651-1. Until the update is applied, restrict access to smokeping.cgi (for example, to trusted networks or authenticated users) so that a crafted link reaches fewer potential victims. Note that the malicious displaymode value is supplied by the attacker in the URL, not chosen by the user, so telling users to avoid the parameter does not mitigate the issue; rejecting or filtering unexpected displaymode values at the web server is a more effective interim measure.
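As an added example of the interim access restriction (not from this advisory or the Debian package), an Apache 2.2 style stanza that limits smokeping.cgi to one management network. The network range is an assumption; matching on the file name avoids depending on where the distribution installs the script. Apache 2.4 expresses the same rule with Require ip instead of Order/Deny/Allow.

```apache
# Added example, assumed management network 10.0.0.0/8
<Files "smokeping.cgi">
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/8
</Files>
```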

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2015-03478
CVE-2012-0790
DSA-2651-1

Affected Products

Smokeping