Lucene search
HistoryJun 16, 2014 - 6:55 p.m.
CVE-2014-4165
cve-2014-4165
cross-site scripting
xss
vulnerability
ntop
remote attackers
web script
html
title parameter
list action
plugins
rrdplugin
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.
Affected configurations
Node
opensuseopensuseMatch13.1
ORopensuseopensuseMatch13.2
Node
ntopntopMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| opensuse:opensuse | opensuse | eq | 13.1 |
| opensuse:opensuse | opensuse | eq | 13.2 |
Related
nessus
nessus
openSUSE Security Update : ntop (openSUSE-2015-309)
2015-04-17 00:00:00
Mandriva Linux Security Advisory : ntop (MDVSA-2015:216)
2015-04-30 00:00:00
cvelist
cvelist
CVE-2014-4165
2014-06-16 18:00:00
nvd
nvd
CVE-2014-4165
2014-06-16 18:55:10
mageia
mageia
Updated ntop packages fix CVE-2014-4165
2015-04-24 00:14:25
ubuntucve
ubuntucve
CVE-2014-4165
2014-06-16 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0168)
2022-01-28 00:00:00
prion
prion
Cross site scripting
2014-06-16 18:55:00
securityvulns
securityvulns
[ MDVSA-2015:216 ] ntop
2015-05-11 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
66.4%
Related for CVE-2014-4165