
pnp4nagios: cross-site scripting

Package(s): pnp4nagios
CVE #(s): CVE-2014-4908 CVE-2014-4907
Created: July 14, 2014
Updated: May 12, 2015
Description: From the Red Hat bugzilla:

CVE-2014-4908: Two vulnerabilities have been reported in PNP4Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input appended to the URL is not properly sanitised in "views/kohana_error_page.php" before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input appended to the URL is not properly sanitised in "views/template.php" before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

CVE-2014-4907: The 0.6.22 release of PNP4Nagios fixes a cross-site scripting flaw in an error page. An attacker could use this flaw to perform cross-site scripting attacks.

Alerts:
Mageia MGASA-2015-0203 pnp4nagios 2015-05-11
Fedora FEDORA-2014-8107 pnp4nagios 2014-07-14
Fedora FEDORA-2014-8098 pnp4nagios 2014-07-14
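
The flaw class described in both items above is a request URL reflected into a page without output encoding. It is shown here beside the encoded form as an added PHP example, not PNP4Nagios or Kohana code. The function names and the sample URL are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: hypothetical error-page helpers, not the project's views.

// Vulnerable pattern: the request path is concatenated into the HTML as-is,
// so any markup carried in the URL becomes markup in the response.
function render_error_unsafe(string $requestUri): string
{
    return '<p>The requested page ' . rawurldecode($requestUri) . ' was not found.</p>';
}

// Encode for the HTML context at the point of output. ENT_QUOTES covers both
// quote styles (needed inside attributes); ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: decode first, then encode, so the escaping applies to the
// text the browser would otherwise interpret.
function render_error_safe(string $requestUri): string
{
    $shown = e(rawurldecode($requestUri));
    return '<p>The requested page <code>' . $shown . '</code> was not found.</p>'
         . '<p><a href="?from=' . e(rawurlencode($requestUri)) . '">Retry</a></p>';
}

// Constructed sample request path containing markup and a quote character.
$uri = '/graph/%22%3E%3Cem%3Einjected%3C/em%3E';

$unsafe = render_error_unsafe($uri);
$safe   = render_error_safe($uri);

// The unsafe view reflects a live <em> element; the safe view must not.
if (strpos($unsafe, '<em>') === false) {
    throw new RuntimeException('expected the unsafe view to reflect markup');
}
if (strpos($safe, '<em>') !== false || strpos($safe, '&lt;em&gt;') === false) {
    throw new RuntimeException('safe view did not encode the reflected path');
}
echo $safe, PHP_EOL;
```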



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds