CVE-2013-5695
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
05/11/2013
Last modified:
11/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:opsview:opsview:*:-:*:*:enterprise:*:*:* | 4.4 (including) | |
| cpe:2.3:a:opsview:opsview:*:-:*:*:pro:*:*:* | 4.4 (including) | |
| cpe:2.3:a:opsview:opsview:2.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opsview:opsview:2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opsview:opsview:2.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opsview:opsview:2.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opsview:opsview:2.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.0:-:*:*:community:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.1:-:*:*:community:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.2:-:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.4:-:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.6:-:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.8:-:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.10:-:*:*:enterprise:*:*:* | ||
| cpe:2.3:a:opsview:opsview:3.12:-:*:*:enterprise:*:*:* |
To consult the complete list of CPE names with products and versions, see this page