CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
72.7%
Updated pnp4nagios package fixes security vulnerabilities: Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message (CVE-2014-4907). Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching share/pnp/application/views/kohana_error_page.php or share/pnp/application/views/template.php, leading to improper handling within an http-equiv=“refresh” META element (CVE-2014-4908).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | pnp4nagios | < 0.6.25-1.1 | pnp4nagios-0.6.25-1.1.mga4 |