Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-08-22 07:55
Updated : 2018-10-09 12:50
NVD link : CVE-2014-5338
Mitre link : CVE-2014-5338
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
check_mk_project
- check_mk