Vulnerability Details CVE-2014-4907
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://docs.pnp4nagios.org/pnp-0.6/dwnld
- http://openwall.com/lists/oss-security/2014/07/11/3
- http://secunia.com/advisories/59535
- http://secunia.com/advisories/59603
- http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9
- http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes
- http://www.securityfocus.com/bid/68350
- https://bugs.op5.com/view.php?id=8761
- http://docs.pnp4nagios.org/pnp-0.6/dwnld
- http://openwall.com/lists/oss-security/2014/07/11/3
- http://secunia.com/advisories/59535
- http://secunia.com/advisories/59603
- http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9
- http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes
- http://www.securityfocus.com/bid/68350
- https://bugs.op5.com/view.php?id=8761
Products affected by CVE-2014-4907
-
cpe:2.3:a:op5:monitor:6.3.0
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.0
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.1
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.10
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.11
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.12
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.13
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.14
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.15
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.16
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.17
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.18
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.19
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.2
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.20
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.21
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.3
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.4
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.5
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.6
-
cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.7