CVE-2014-3738

Zenoss - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.

Exploits (1)

exploitdb WORKING POC

by Dolev Farhi · textwebappsmultiple

https://www.exploit-db.com/exploits/34165

View Code ZIP pw:eip

References (6)

[Exploit] http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html

[Exploit] http://www.exploit-db.com/exploits/34165

[Exploit] https://www.youtube.com/watch?v=wtmdsz24evo

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67396

[Mailing List] http://www.openwall.com/lists/oss-security/2014/05/14/5

[Mailing List] http://www.openwall.com/lists/oss-security/2014/05/15/5

Scores

EPSS 0.0595

EPSS Percentile 90.5%

Details

CWE

CWE-79

Status published

Products (2)

zenoss/zenoss

n/a/n/a

Published May 20, 2014

Tracked Since Feb 18, 2026