Skip to main content

Opsview CVE-2013-5695

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2013-11-05 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 05, 2013 - 20:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.

AnalysisAI

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck. Affected products include: Opsview. Version information: before 4.4.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-10367 HIGH POC
7.5 May 03

In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a ce

CVE-2018-16144 CRITICAL POC
9.8 Sep 05

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vuln

CVE-2018-16145 HIGH POC
8.1 Sep 05

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before

CVE-2013-5694 HIGH POC
7.5 Nov 05

SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arb

CVE-2018-16146 HIGH POC
7.2 Sep 05

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated a

CVE-2016-10368 MEDIUM POC
6.1 May 03

Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.16239

CVE-2015-6035 MEDIUM POC
6.1 Apr 10

Opsview before 2015-11-06 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable

CVE-2018-16148 MEDIUM POC
6.1 Sep 05

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerabl

CVE-2018-16147 MEDIUM POC
6.1 Sep 05

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulner

CVE-2015-4420 MEDIUM POC
4.3 Jun 18

Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitr

CVE-2013-7256 MEDIUM
6.8 Jan 03

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentica

CVE-2013-7255 MEDIUM
5.8 Jan 03

Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and

Share

CVE-2013-5695 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy