Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.
5.9 AI Score
0.003 EPSS
6.1 CVSS
5.8 AI Score
0.005 EPSS
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.
6.1 CVSS
5.9 AI Score
0.002 EPSS
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.
7.5 CVSS
7.7 AI Score
0.001 EPSS
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.
6.5 CVSS
6.5 AI Score
0.001 EPSS