CVE-2014-5338
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
22/08/2014
Last modified:
12/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:* | ||
cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:* | ||
cpe:2.3:a:check_mk_project:check_mk:1.2.4:p3:*:*:*:*:*:* | ||
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:* | ||
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:* | ||
cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://mathias-kettner.de/check_mk_werks.php?werk_id=0982&HTML=yes
- http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html
- http://rhn.redhat.com/errata/RHSA-2015-1495.html
- http://www.securityfocus.com/archive/1/533180/100/0/threaded
- http://www.securityfocus.com/bid/69312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95383
- http://mathias-kettner.de/check_mk_werks.php?werk_id=0982&HTML=yes
- http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html
- http://rhn.redhat.com/errata/RHSA-2015-1495.html
- http://www.securityfocus.com/archive/1/533180/100/0/threaded
- http://www.securityfocus.com/bid/69312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95383