CVE-2014-4907
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
4.3
Description
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| op5 | monitor | 6.3.0 | |
| pnp4nagios | pnp4nagios | {"endIncluding":"0.6.21"} | |
| pnp4nagios | pnp4nagios | 0.6.0 | |
| pnp4nagios | pnp4nagios | 0.6.1 | |
| pnp4nagios | pnp4nagios | 0.6.2 | |
| pnp4nagios | pnp4nagios | 0.6.3 | |
| pnp4nagios | pnp4nagios | 0.6.4 | |
| pnp4nagios | pnp4nagios | 0.6.5 | |
| pnp4nagios | pnp4nagios | 0.6.6 | |
| pnp4nagios | pnp4nagios | 0.6.7 | |
| pnp4nagios | pnp4nagios | 0.6.10 | |
| pnp4nagios | pnp4nagios | 0.6.11 | |
| pnp4nagios | pnp4nagios | 0.6.12 | |
| pnp4nagios | pnp4nagios | 0.6.13 | |
| pnp4nagios | pnp4nagios | 0.6.14 | |
| pnp4nagios | pnp4nagios | 0.6.15 | |
| pnp4nagios | pnp4nagios | 0.6.16 | |
| pnp4nagios | pnp4nagios | 0.6.17 | |
| pnp4nagios | pnp4nagios | 0.6.18 | |
| pnp4nagios | pnp4nagios | 0.6.19 | |
| pnp4nagios | pnp4nagios | 0.6.20 | |
References
- http://docs.pnp4nagios.org/pnp-0.6/dwnld
- http://openwall.com/lists/oss-security/2014/07/11/3
- http://secunia.com/advisories/59535
- http://secunia.com/advisories/59603
- http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9
- http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes
- http://www.securityfocus.com/bid/68350
- https://bugs.op5.com/view.php?id=8761
- http://docs.pnp4nagios.org/pnp-0.6/dwnld
- http://openwall.com/lists/oss-security/2014/07/11/3
- http://secunia.com/advisories/59535
- http://secunia.com/advisories/59603
- http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9
- http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes
- http://www.securityfocus.com/bid/68350
- https://bugs.op5.com/view.php?id=8761
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.