Описание
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | released | 1:5.25.2-1ubuntu0.1 |
| devel | not-affected | 1:5.25.3-1 |
| disco | released | 1:5.25.2-3ubuntu0.1 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 1:5.25.1-1ubuntu0.1~esm1 |
| esm-apps/focal | not-affected | 1:5.25.3-1 |
| esm-apps/jammy | not-affected | 1:5.25.3-1 |
| esm-apps/xenial | released | 1:5.16-2ubuntu0.2+esm1 |
| esm-infra-legacy/trusty | released | 1:5.6-2ubuntu0.1+esm2 |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash ...
Уязвимость утилиты для управления и мониторинга процессов, программ, файлов и каталогов Monit, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю вызвать отказ в обслуживании
4.3 Medium
CVSS2
6.1 Medium
CVSS3