Vulnerability Description
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Op5 | Monitor | 6.3.0 |
| Pnp4Nagios | Pnp4Nagios | <= 0.6.21 |
Related Weaknesses (CWE)
References
- http://docs.pnp4nagios.org/pnp-0.6/dwnldPatch
- http://openwall.com/lists/oss-security/2014/07/11/3
- http://secunia.com/advisories/59535
- http://secunia.com/advisories/59603
- http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af74761915119ExploitPatch
- http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notesVendor Advisory
- http://www.securityfocus.com/bid/68350
- https://bugs.op5.com/view.php?id=8761
- http://docs.pnp4nagios.org/pnp-0.6/dwnldPatch
- http://openwall.com/lists/oss-security/2014/07/11/3
- http://secunia.com/advisories/59535
- http://secunia.com/advisories/59603
- http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af74761915119ExploitPatch
- http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notesVendor Advisory
- http://www.securityfocus.com/bid/68350
FAQ
What is CVE-2014-4907?
CVE-2014-4907 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter...
How severe is CVE-2014-4907?
CVE-2014-4907 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4907?
Check the references section above for vendor advisories and patch information. Affected products include: Op5 Monitor, Pnp4Nagios Pnp4Nagios.