CVE-2013-6395

Name of the Vulnerable Software and Affected Versions Ganglia Web versions 3.5.8 through 3.5.10

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the host regex parameter to the default URI, which is processed by the get context.php file.

Recommendations For Ganglia Web versions 3.5.8 through 3.5.10, avoid using the host regex parameter in the default URI until a fix is available. As a temporary workaround, consider restricting access to the get context.php file to minimize the risk of exploitation.