Check_MK CVE-2014-5338 Unspecified Cross Site Scripting Vulnerability
BID:69312
Info
Check_MK CVE-2014-5338 Unspecified Cross Site Scripting Vulnerability
| Bugtraq ID: | 69312 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-5338 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 20 2014 12:00AM |
| Updated: | Apr 13 2015 09:28PM |
| Credit: | Deutsche Telekom CERT |
| Vulnerable: |
Letzte �?nderung Check_MK 1.2.5i3 Letzte �?nderung Check_MK 1.2.4p3 |
| Not Vulnerable: |
Letzte �?nderung Check_MK 1.2.5i4 Letzte �?nderung Check_MK 1.2.4p4 |
Discussion
Check_MK CVE-2014-5338 Unspecified Cross Site Scripting Vulnerability
Check_MK is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Check_MK is prone to an unspecified cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Exploit / POC
Check_MK CVE-2014-5338 Unspecified Cross Site Scripting Vulnerability
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.