VDB
CVE-2013-6039
CVE-2013-6039
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow search input, related to the search functionality in functions/content_class.php.
EPSS 1.35% · 80.5th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
1.35%
80.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nagiosql | nagiosql | 3.2 |
| n/a | n/a | n/a |
Timeline
- Dec 9, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- VU#268662 third-party-advisory
- 55896 third-party-advisory
- http://jvn.jp/cert/JVNVU92648323/index.html url
- 100612 vdb
- 20131205 Reflected XSS Attacks XSS vulnerabilities in NagiosQL 3.2.0 Servicepack 2 (CVE: CVE-2013-6039) mailing-list
- http://www.nagiosql.org/forum8/solved-issues/3270-security-hotfix-for-nagiosql-3-2-sp2.html url
- https://nvd.nist.gov/vuln/detail/CVE-2013-6039 advisory