vendor:
Opsview
by:
Dolev Farhi
7.5
CVSS
HIGH
Multiple XSS
79
CWE
Product Name: Opsview
Affected Version From: 4.6.2002
Affected Version To: 4.6.2002
Patch Exists: YES
Related CWE: CVE-2015-4420
CPE: a:opsview:opsview:4.6.2
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Kali Linux + Windows 7
2015
Opsview 4.6.2 – Multiple XSS
Opsview is a monitoring system based on Nagios Core. Opsview is prone to several stored and reflected XSS vulnerabilities in the latest version. Stored XSS can be injected through a malicious check plugin or in the host profile. Reflected XSS can be injected in the Test service check page.
Mitigation:
Users should update to the latest version of Opsview and ensure that all plugins are from trusted sources.