mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 01:56:40 +02:00
0xMarcio
886 B
886 B
CVE-2014-6254
Description
Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410.
POC
Reference
- http://www.kb.cert.org/vuls/id/449452
- https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
Github
No PoCs found on GitHub currently.