Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-4907

Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.

Published

2014-07-11T11:08:22.760

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	op5	monitor	6.3.0	Yes
Application	pnp4nagios	pnp4nagios	≤ 0.6.21	Yes
Application	pnp4nagios	pnp4nagios	0.6.0	Yes
Application	pnp4nagios	pnp4nagios	0.6.1	Yes
Application	pnp4nagios	pnp4nagios	0.6.2	Yes
Application	pnp4nagios	pnp4nagios	0.6.3	Yes
Application	pnp4nagios	pnp4nagios	0.6.4	Yes
Application	pnp4nagios	pnp4nagios	0.6.5	Yes
Application	pnp4nagios	pnp4nagios	0.6.6	Yes
Application	pnp4nagios	pnp4nagios	0.6.7	Yes
Application	pnp4nagios	pnp4nagios	0.6.10	Yes
Application	pnp4nagios	pnp4nagios	0.6.11	Yes
Application	pnp4nagios	pnp4nagios	0.6.12	Yes
Application	pnp4nagios	pnp4nagios	0.6.13	Yes
Application	pnp4nagios	pnp4nagios	0.6.14	Yes
Application	pnp4nagios	pnp4nagios	0.6.15	Yes
Application	pnp4nagios	pnp4nagios	0.6.16	Yes
Application	pnp4nagios	pnp4nagios	0.6.17	Yes
Application	pnp4nagios	pnp4nagios	0.6.18	Yes
Application	pnp4nagios	pnp4nagios	0.6.19	Yes
Application	pnp4nagios	pnp4nagios	0.6.20	Yes

References

http://docs.pnp4nagios.org/pnp-0.6/dwnld Patch ([email protected])
http://openwall.com/lists/oss-security/2014/07/11/3 ([email protected])
http://secunia.com/advisories/59535 ([email protected])
http://secunia.com/advisories/59603 ([email protected])
http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9 Exploit, Patch ([email protected])
http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/68350 ([email protected])
https://bugs.op5.com/view.php?id=8761 ([email protected])
http://docs.pnp4nagios.org/pnp-0.6/dwnld Patch (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2014/07/11/3 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59535 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59603 (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/68350 (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.op5.com/view.php?id=8761 (af854a3a-2127-422b-91ae-364da2661108)