VDB

GCVE-110-MAGEIA-2015-203

GCVE-110-MAGEIA-2015-203
Advisory Published
Vulnetix · Advisory published May 11, 2015
Updated pnp4nagios package fixes security vulnerabilities: Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message (CVE-2014-4907). Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching share/pnp/application/views/kohana_error_page.php or share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element (CVE-2014-4908).

Affected Products

VendorProductVersionsPlatforms
Mageiapython-mageiasync0.1.7-1.mga5 (unaffected), 0 (affected)
Mageiapnp4nagios0 (affected), 0.6.25-1.1.mga4 (unaffected), 0 (affected), 0.6.25-1.1.mga4 (unaffected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›