exploitDog

CVE-2018-16147

Опубликовано: 05 сент. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.

Ссылки

https://knowledge.opsview.com/v5.3/docs/whats-new
Release Notes
Vendor Advisory
https://knowledge.opsview.com/v5.4/docs/whats-new
Release Notes
Vendor Advisory
https://seclists.org/fulldisclosure/2018/Sep/3
Exploit
Mailing List
Third Party Advisory
https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Exploit
Third Party Advisory
https://knowledge.opsview.com/v5.3/docs/whats-new
Release Notes
Vendor Advisory
https://knowledge.opsview.com/v5.4/docs/whats-new
Release Notes
Vendor Advisory
https://seclists.org/fulldisclosure/2018/Sep/3
Exploit
Mailing List
Third Party Advisory
https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:opsview:opsview:*:*:*:*:*:*:*:*

Версия до 5.3.1 (исключая)

cpe:2.3:a:opsview:opsview:*:*:*:*:*:*:*:*

Версия от 5.4.0 (включая) до 5.4.2 (исключая)

EPSS

Процентиль: 65%

0.00501

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pf78-mqq9-m3g8

CVSS3: 6.1

github

больше 3 лет назад

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.

EPSS

Процентиль: 65%

0.00501

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79