Vulnerability Description
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 13.1 |
| Ntop | Ntop | - |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2015-0168.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00029.html
- http://packetstormsecurity.com/files/127043/ntop-xss.txtExploit
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:216
- http://www.securityfocus.com/bid/68002Exploit
- http://www.securitytracker.com/id/1030437
- http://advisories.mageia.org/MGASA-2015-0168.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00029.html
- http://packetstormsecurity.com/files/127043/ntop-xss.txtExploit
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:216
- http://www.securityfocus.com/bid/68002Exploit
- http://www.securitytracker.com/id/1030437
FAQ
What is CVE-2014-4165?
CVE-2014-4165 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
How severe is CVE-2014-4165?
CVE-2014-4165 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4165?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Ntop Ntop.