CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20378
https://notcve.org/view.php?id=CVE-2019-20378
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. ganglia-web (también se conoce como Ganglia Web Frontend) versiones hasta la versión 3.7.5, permite un ataque de tipo XSS por medio del parámetro ce del archivo header.php. • https://github.com/ganglia/ganglia-web/issues/351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-20379
https://notcve.org/view.php?id=CVE-2019-20379
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. ganglia-web (también se conoce como Ganglia Web Frontend) versiones hasta la versión 3.7.5, permite un ataque de tipo XSS por medio del parámetro cs del archivo header.php. • https://github.com/ganglia/ganglia-web/issues/351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2015-6816
https://notcve.org/view.php?id=CVE-2015-6816
ganglia-web before 3.7.1 allows remote attackers to bypass authentication. ganglia-web en versiones anteriores a la 3.7.1 permite que atacantes remotos eludan la autenticación. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170362.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169641.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169788.html http://www.openwall.com/lists/oss-security/2015/09/05/6 http://www.securityfocus.com/bid/92146 https://bugzilla.redhat.com/show_bug.cgi?id=1260562 https://github.com/ganglia/ganglia-web/issues/267 https://www.freshports.org/sysutils/ganglia-webfronten • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2013-1770
https://notcve.org/view.php?id=CVE-2013-1770
Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. Vulnerabilidad de XSS en views_view.php en Ganglia Web 3.5.7 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro view_name. • http://secunia.com/advisories/52673 http://www.openwall.com/lists/oss-security/2013/02/21/12 http://www.openwall.com/lists/oss-security/2013/02/26/11 https://bugzilla.redhat.com/show_bug.cgi?id=892823 https://exchange.xforce.ibmcloud.com/vulnerabilities/82468 https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6 https://github.com/ganglia/ganglia-web/issues/160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 4CVE-2013-6395
https://notcve.org/view.php?id=CVE-2013-6395
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php. Vulnerabilidad de cross-site scripting (XSS) en header.php en Ganglia Web 3.5.8 y 3.5.10 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través del parámetro host_regex a la URI por defecto, la cual es procesada por get_context.php. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730507 http://osvdb.org/100380 http://seclists.org/oss-sec/2013/q4/346 http://secunia.com/advisories/55854 http://www.rusty-ice.de/advisory/advisory_2013002.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/89272 https://github.com/ganglia/ganglia-web/issues/218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •