CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2013-7071
https://notcve.org/view.php?id=CVE-2013-7071
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Una vulnerabilidad de tipo cross-site scripting (XSS) en la función handle_request en la biblioteca lib/HTTPServer.pm en Monitorix versiones anteriores a la versión 3.4.0, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro PATH_INFO. • http://openwall.com/lists/oss-security/2013/12/12/8 https://github.com/mikaku/Monitorix/commit/e86c11593238be6956a67a04d640c65810d50b59 https://github.com/mikaku/Monitorix/issues/30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2013-7070
https://notcve.org/view.php?id=CVE-2013-7070
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. La función handle_request en la biblioteca lib/HTTPServer.pm en Monitorix versiones anteriores a la versión 3.3.1, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en el URI. • http://openwall.com/lists/oss-security/2013/12/12/8 https://github.com/mikaku/Monitorix/commit/ff80441be7089f774448dfe4b49e6fced70e71cb https://github.com/mikaku/Monitorix/issues/30 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7649
https://notcve.org/view.php?id=CVE-2018-7649
Monitorix before 3.10.1 allows XSS via CGI variables. Monitorix en versiones anteriores a la 3.10.1 permite Cross-Site Scripting (XSS) mediante variables CGI. • http://www.monitorix.org/changelog.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •