Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Opsview 跨站脚本漏洞
Vulnerability Description
Opsview Core是英国Opsview公司的一套企业级的网络、服务器和应用程序监控工具。该工具可与Nagios Core、 RRDTool等监控系统集成使用。 Opsview 4.4.1之前的版本中存在跨站脚本漏洞,该漏洞源于(1)admin/auditlog/脚本没有充分过滤id参数,(2)info/host/和viewport/脚本没有充分过滤PATH_INFO参数,(3)login脚本没有充分过滤back参数,(4)status/service/recheck脚本没有充分过滤from参数。远程
CVSS Information
N/A
Vulnerability Type
N/A