CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-3739
https://notcve.org/view.php?id=CVE-2014-3739
Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter. Vulnerabilidad de redirección abierta en zport/acl_users/cookieAuthHelper/login_form en Zenoss 4.2.5 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL an el parámetro came_from. • http://www.openwall.com/lists/oss-security/2014/05/14/5 http://www.openwall.com/lists/oss-security/2014/05/15/5 http://www.securityfocus.com/bid/67396 https://www.youtube.com/watch?v=wtmdsz24evo • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4CVE-2014-3738 – Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-3738
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device. Vulnerabilidad de XSS en Zenoss 4.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del título de un dispositivo. Zenoss Monitoring System version 4.2.5-2108 64-bit suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/34165 http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html http://www.exploit-db.com/exploits/34165 http://www.openwall.com/lists/oss-security/2014/05/14/5 http://www.openwall.com/lists/oss-security/2014/05/15/5 http://www.securityfocus.com/bid/67396 https://www.youtube.com/watch?v=wtmdsz24evo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •