Skip to main content

Opsview CVE-2013-7254

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2014-01-03 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 03, 2014 - 18:54 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Opsview. Version information: before 4.4.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-10367 HIGH POC
7.5 May 03

In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a ce

CVE-2018-16144 CRITICAL POC
9.8 Sep 05

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vuln

CVE-2018-16145 HIGH POC
8.1 Sep 05

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before

CVE-2013-5694 HIGH POC
7.5 Nov 05

SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arb

CVE-2018-16146 HIGH POC
7.2 Sep 05

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated a

CVE-2016-10368 MEDIUM POC
6.1 May 03

Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.16239

CVE-2015-6035 MEDIUM POC
6.1 Apr 10

Opsview before 2015-11-06 has XSS via SNMP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable

CVE-2018-16148 MEDIUM POC
6.1 Sep 05

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerabl

CVE-2018-16147 MEDIUM POC
6.1 Sep 05

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulner

CVE-2015-4420 MEDIUM POC
4.3 Jun 18

Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitr

CVE-2013-5695 MEDIUM POC
4.3 Nov 05

Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary w

CVE-2013-7256 MEDIUM
6.8 Jan 03

Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentica

Share

CVE-2013-7254 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy