CVE-2012-0790

Smokeping <2.6.7 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.

References (7)

[Various Sources] http://holisticinfosec.org/content/view/188/45/

[Various Sources] http://oss.oetiker.ch/smokeping/pub/CHANGES

[Vendor Advisory] http://secunia.com/advisories/47678

[Issue Tracking] https://bugs.gentoo.org/show_bug.cgi?id=399553

[Patch] https://bugzilla.redhat.com/show_bug.cgi?id=783584

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51584

[Mailing List] http://www.openwall.com/lists/oss-security/2012/01/21/1

Scores

EPSS 0.0048

EPSS Percentile 64.8%

Classification

CWE

CWE-79

Status published

Affected Products (50)

oetiker/smokeping < 2.6.6

oetiker/smokeping

... and 35 more

Timeline

Published Jan 24, 2012

Tracked Since Feb 18, 2026