Xymon : Security Vulnerabilities, CVEs, (XSS)

CVE-2019-13274

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
Max CVSS
6.1
EPSS Score
0.19%
Published
2019-08-27
Updated
2019-08-28

CVE-2016-2058

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.
Max CVSS
5.4
EPSS Score
0.08%
Published
2016-04-13
Updated
2018-10-09

CVE-2011-1716

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.28%
Published
2011-04-18
Updated
2018-10-09
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close