CVE-2014-5338

Published Aug 22, 2014

Last updated 3 months ago

CVSS info 3.5

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95436742-D5D2-4C8C-BCBE-9207659D97ED"
          },
          {
            "criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B7019F5-4E38-4895-803F-842F6EEBD5A7"
          },
          {
            "criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44880FB1-1E99-426D-8D28-9B2E09395C91"
          },
          {
            "criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.4:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02A2758A-B539-44BF-9D21-792D66467AB1"
          },
          {
            "criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A465E402-D401-45F5-AC00-5214E71D7BB4"
          },
          {
            "criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F6664A0-4615-4EA3-A5DF-B9846BEFF4D0"
          },
          {
            "criteria": "cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD84DD11-025A-4404-A6F9-94D4431F315C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References