Cross-Site Scripting (XSS) Vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x

Cross-Site Scripting (XSS) Vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x

CVE-2016-2058 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.

Learn more about our Web App Pen Testing.