CVE-2016-2058: XSS
First published: Wed Apr 13 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =8.0 | |
| Xymon Xymon | =4.1.0 | |
| Xymon Xymon | =4.1.1 | |
| Xymon Xymon | =4.1.2 | |
| Xymon Xymon | =4.1.2-p1 | |
| Xymon Xymon | =4.1.2-p2 | |
| Xymon Xymon | =4.2-alfa | |
| Xymon Xymon | =4.2-beta20060605 | |
| Xymon Xymon | =4.2-rc20060712 | |
| Xymon Xymon | =4.2.0 | |
| Xymon Xymon | =4.2.2 | |
| Xymon Xymon | =4.2.2-rc1 | |
| Xymon Xymon | =4.2.3 | |
| Xymon Xymon | =4.2.3-rc1 | |
| Xymon Xymon | =4.3.0 | |
| Xymon Xymon | =4.3.0-beta1 | |
| Xymon Xymon | =4.3.0-beta2 | |
| Xymon Xymon | =4.3.0-beta3 | |
| Xymon Xymon | =4.3.0-rc1 | |
| Xymon Xymon | =4.3.1 | |
| Xymon Xymon | =4.3.2 | |
| Xymon Xymon | =4.3.3 | |
| Xymon Xymon | =4.3.4 | |
| Xymon Xymon | =4.3.5 | |
| Xymon Xymon | =4.3.6 | |
| Xymon Xymon | =4.3.7 | |
| Xymon Xymon | =4.3.8 | |
| Xymon Xymon | =4.3.9 | |
| Xymon Xymon | =4.3.10 | |
| Xymon Xymon | =4.3.11 | |
| Xymon Xymon | =4.3.12 | |
| Xymon Xymon | =4.3.13 | |
| Xymon Xymon | =4.3.14 | |
| Xymon Xymon | =4.3.15 | |
| Xymon Xymon | =4.3.16 | |
| Xymon Xymon | =4.3.17 | |
| Xymon Xymon | =4.3.18 | |
| Xymon Xymon | =4.3.19 | |
| Xymon Xymon | =4.3.19-rc1 | |
| Xymon Xymon | =4.3.20 | |
| Xymon Xymon | =4.3.21 | |
| Xymon Xymon | =4.3.22 | |
| Xymon Xymon | =4.3.23 | |
| Xymon Xymon | =4.3.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/tags
- agent/type
- agent/weakness
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/xymon
- canonical/xymon xymon
- version/xymon xymon/4.1.0
- version/xymon xymon/4.1.1
- version/xymon xymon/4.1.2
- version/xymon xymon/4.1.2-p1
- version/xymon xymon/4.1.2-p2
- version/xymon xymon/4.2-alfa
- version/xymon xymon/4.2-beta20060605
- version/xymon xymon/4.2-rc20060712
- version/xymon xymon/4.2.0
- version/xymon xymon/4.2.2
- version/xymon xymon/4.2.2-rc1
- version/xymon xymon/4.2.3
- version/xymon xymon/4.2.3-rc1
- version/xymon xymon/4.3.0
- version/xymon xymon/4.3.0-beta1
- version/xymon xymon/4.3.0-beta2
- version/xymon xymon/4.3.0-beta3
- version/xymon xymon/4.3.0-rc1
- version/xymon xymon/4.3.1
- version/xymon xymon/4.3.2
- version/xymon xymon/4.3.3
- version/xymon xymon/4.3.4
- version/xymon xymon/4.3.5
- version/xymon xymon/4.3.6
- version/xymon xymon/4.3.7
- version/xymon xymon/4.3.8
- version/xymon xymon/4.3.9
- version/xymon xymon/4.3.10
- version/xymon xymon/4.3.11
- version/xymon xymon/4.3.12
- version/xymon xymon/4.3.13
- version/xymon xymon/4.3.14
- version/xymon xymon/4.3.15
- version/xymon xymon/4.3.16
- version/xymon xymon/4.3.17
- version/xymon xymon/4.3.18
- version/xymon xymon/4.3.19
- version/xymon xymon/4.3.19-rc1
- version/xymon xymon/4.3.20
- version/xymon xymon/4.3.21
- version/xymon xymon/4.3.22
- version/xymon xymon/4.3.23
- version/xymon xymon/4.3.24