fkie_nvd - fkie_cve-2014-4908

fkie_cve-2014-4908

Vulnerability from fkie_nvd

Published

2014-07-11 11:08

Modified

2024-11-21 02:11

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element.

References

URL	Tags
cve@mitre.org	http://openwall.com/lists/oss-security/2014/07/11/3
cve@mitre.org	http://secunia.com/advisories/58973
cve@mitre.org	http://www.securityfocus.com/bid/68352
cve@mitre.org	https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb	Exploit, Patch
cve@mitre.org	https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2014/07/11/3
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/58973
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68352
af854a3a-2127-422b-91ae-364da2661108	https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014	Exploit, Patch

Impacted products

Vendor	Product	Version
pnp4nagios	pnp4nagios	*
pnp4nagios	pnp4nagios	0.6.0
pnp4nagios	pnp4nagios	0.6.1
pnp4nagios	pnp4nagios	0.6.2
pnp4nagios	pnp4nagios	0.6.3
pnp4nagios	pnp4nagios	0.6.4
pnp4nagios	pnp4nagios	0.6.5
pnp4nagios	pnp4nagios	0.6.6
pnp4nagios	pnp4nagios	0.6.7
pnp4nagios	pnp4nagios	0.6.10
pnp4nagios	pnp4nagios	0.6.11
pnp4nagios	pnp4nagios	0.6.12
pnp4nagios	pnp4nagios	0.6.13
pnp4nagios	pnp4nagios	0.6.14
pnp4nagios	pnp4nagios	0.6.15
pnp4nagios	pnp4nagios	0.6.16
pnp4nagios	pnp4nagios	0.6.17
pnp4nagios	pnp4nagios	0.6.18
pnp4nagios	pnp4nagios	0.6.19
pnp4nagios	pnp4nagios	0.6.20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8B7237D-1D86-46C5-BEFB-A2DC8D9BEE56",
              "versionEndIncluding": "0.6.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6A23D8-523A-4954-A93F-6D4D3FA8F1C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA83CAF-0BC7-456E-ACE0-3DAEA46432DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A6EA17-402B-4A98-BD7D-97E8F9D4A45D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB7A928-17CA-49DD-98F8-9CD3B3A9711C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E4F6F00-CD12-48FC-AB40-1B6658F56FEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD65E85-E76B-43ED-BAC4-76BE852DC8A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "083B12F0-6BD9-41B3-891F-A065C653F280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC5FAE37-3D3C-4E4C-8D24-FEAFBB250641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5696B4F3-E44A-43E3-A24C-53D85C36CC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C497FF-5494-4177-B266-E83A27304E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "070CAFD5-1694-4113-83F7-0C47ACD76918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FD4787A-A1CA-47C9-9E90-B2D26CA45A15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A4BA737-71F2-4115-AD16-A2AE64ADEB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A7B2E7-28AC-4E92-875C-DFE61B3F29D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA031C5B-4BFA-4DC1-8EEE-E5C3E42A356F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5B598F-CD97-4E30-A677-5393CF5196F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC6EB20-A966-4A6F-8776-0032DBED669D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5116144-9290-497A-8021-F0D9BA89A572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E7828E-CFE6-4165-9330-482E8192E8A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv=\"refresh\" META element."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en PNP4Nagios hasta 0.6.22 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la URI que se utiliza para alcanzar (1) share/pnp/application/views/kohana_error_page.php o (2) share/pnp/application/views/template.php, que conduce a un manejo indebido dentro de un elemento http-equiv=\u0027refresh\u0027 META."
    }
  ],
  "id": "CVE-2014-4908",
  "lastModified": "2024-11-21T02:11:06.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-11T11:08:22.823",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2014/07/11/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/58973"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/68352"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2014/07/11/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-4908

Vulnerability from cvelistv5

Published

2014-07-11 10:00

Modified

2024-08-06 11:27