CVE-2011-1716

Xymon <4.3.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (8)

[Third Party Advisory, VDB Entry] http://osvdb.org/71489

[Vendor Advisory] http://secunia.com/advisories/44036

[Product] http://xymon.svn.sourceforge.net/viewvc/xymon/branches/4.3.2/Changes?revision=6673&view=markup

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66542

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/517316/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/517325/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47156

[Third Party Advisory] http://securityreason.com/securityalert/8209

Scores

EPSS 0.0050

EPSS Percentile 65.8%

Classification

CWE

CWE-79

Status published

Affected Products (29)

xymon/xymon

xymon/xymon < 4.3.0

xymon/xymon

... and 14 more

Timeline

Published Apr 18, 2011

Tracked Since Feb 18, 2026