CVE-2013-5695

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:opsview:opsview:3.10:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:3.8:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:3.6:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:3.4:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:3.2:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:4.2:-:*:*:pro:*:*:*
cpe:2.3:a:opsview:opsview:4.2:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:4.1:-:*:*:pro:*:*:*
cpe:2.3:a:opsview:opsview:4.1:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:2.10:*:*:*:*:*:*:*
cpe:2.3:a:opsview:opsview:2.8:*:*:*:*:*:*:*
cpe:2.3:a:opsview:opsview:3.1:-:*:*:community:*:*:*
cpe:2.3:a:opsview:opsview:2.12:*:*:*:*:*:*:*
cpe:2.3:a:opsview:opsview:4.0:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:3.14:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:3.12:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:4.0:-:*:*:pro:*:*:*
cpe:2.3:a:opsview:opsview:3.0:-:*:*:community:*:*:*
cpe:2.3:a:opsview:opsview:4.3:-:*:*:pro:*:*:*
cpe:2.3:a:opsview:opsview:*:-:*:*:pro:*:*:*
cpe:2.3:a:opsview:opsview:*:-:*:*:enterprise:*:*:*
cpe:2.3:a:opsview:opsview:2.14:*:*:*:*:*:*:*
cpe:2.3:a:opsview:opsview:2.7:*:*:*:*:*:*:*
cpe:2.3:a:opsview:opsview:4.3:-:*:*:enterprise:*:*:*

Information

Published : 2013-11-05 12:55

Updated : 2013-11-06 17:02


NVD link : CVE-2013-5695

Mitre link : CVE-2013-5695


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

opsview

  • opsview