Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Check Mk Project | Check Mk | 1.2.4 |
Related Weaknesses (CWE)
References
- http://mathias-kettner.de/check_mk_werks.php?werk_id=0982&HTML=yes (Patch, Vendor Advisory)
- http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A
- http://rhn.redhat.com/errata/RHSA-2015-1495.html
- http://www.securityfocus.com/archive/1/533180/100/0/threaded
- http://www.securityfocus.com/bid/69312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95383
FAQ
What is CVE-2014-5338?
CVE-2014-5338 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HT...
How severe is CVE-2014-5338?
CVE-2014-5338 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5338?
Check the references section above for vendor advisories and patch information. Affected products include: Check Mk Project Check Mk.