CVE-2015-8010

Опубликовано: 27 мар. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00019.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/10/23/15
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/10/29/15
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/97145
https://github.com/Icinga/icinga-core/issues/1563
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00019.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/10/23/15
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/10/29/15
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/97145
https://github.com/Icinga/icinga-core/issues/1563
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*

Версия до 1.13.4 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00354

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2015-8010

CVSS3: 6.1

ubuntu

почти 9 лет назад

CVE-2015-8010

CVSS3: 6.1

debian

почти 9 лет назад

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CS ...

GHSA-x57r-7jqf-5w9p

CVSS3: 6.1

github

больше 3 лет назад

openSUSE-SU-2017:0146-1

suse-cvrf

около 9 лет назад

Security update for icinga

openSUSE-SU-2018:3258-1

suse-cvrf

больше 7 лет назад

Security update for icinga

EPSS

Процентиль: 57%

0.00354

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79