CVSS: 4.3EPSS: 0%CPEs: 92EXPL: 0CVE-2012-0790
https://notcve.org/view.php?id=CVE-2012-0790
Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en smokeping_cgi en Smokeping v2.4.2, v2.6.6, y otras versiones anteriores a v2.6.7 permite a atacantes remotos inyectar código HTML o script web a través del parámetro 'displaymode'. • http://holisticinfosec.org/content/view/188/45 http://oss.oetiker.ch/smokeping/pub/CHANGES http://secunia.com/advisories/47678 http://www.openwall.com/lists/oss-security/2012/01/21/1 http://www.securityfocus.com/bid/51584 https://bugs.gentoo.org/show_bug.cgi?id=399553 https://bugzilla.redhat.com/show_bug.cgi?id=783584 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •