CVE-2013-6039
Summary
| CVE | CVE-2013-6039 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-12-09 16:55:00 UTC |
| Updated | 2013-12-13 05:22:00 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionality in functions/content_class.php. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 100612 | OSVDB | osvdb.org | |
| JVNVU#92648323: NagiosQL にクロスサイトスクリプティングの脆弱性 | MISC | jvn.jp | |
| Security Advisory SA55896 - NagiosQL "txtSearch" Cross-Site Scripting Vulnerability - Secunia | SECUNIA | secunia.com | |
| NagiosQL Supportforum :: Topic: Security Hotfix for NagiosQL 3.2 SP2 (1/1) | NagiosQL | CONFIRM | www.nagiosql.org | |
| 20131205 Reflected XSS Attacks XSS vulnerabilities in NagiosQL 3.2.0 Servicepack 2 (CVE: CVE-2013-6039) | FULLDISC | archives.neohapsis.com | |
| Vulnerability Note VU#268662 - NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability | CERT-VN | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.