Changed |
Description |
Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Execute javascript in a victim s browser; disable all monitoring for a particular host or service. The component is: In function do_viewlog() on line 910 in Monit/src/http/cervlet.c, an attacker controlled log file is copied into an HTTP response without any HTML escaping. The attack vector is: An authenticated remote attacker can exploit the vulnerability over a network. The fixed version is: Version 5.25.3 and later.
|
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11454. Reason: This candidate is a reservation duplicate of CVE-2019-11454. Notes: All CVE users should reference CVE-2019-11454 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
|