Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ganglia | First view | 2013-12-05 |
| Product | Ganglia-Web | Last view | 2024-11-19 |
| Version | 3.5.8 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ganglia:ganglia-web | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.4 | 2024-11-19 | CVE-2024-52763 | A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter. |
| 5.4 | 2024-11-19 | CVE-2024-52762 | A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter. |
| 6.1 | 2020-01-11 | CVE-2019-20379 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. |
| 6.1 | 2020-01-11 | CVE-2019-20378 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. |
| 9.8 | 2017-08-09 | CVE-2015-6816 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. |
| 4.3 | 2013-12-05 | CVE-2013-6395 | Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 83% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (1) | CWE-287 | Improper Authentication |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-accdc7ebfc.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-de8ba28354.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-ee7a2b5844.nasl - Type: ACT_GATHER_INFO |
| 2015-11-24 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2015-612.nasl - Type: ACT_GATHER_INFO |
| 2015-09-09 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_d68df01b564e11e59ad814dae9d210b8.nasl - Type: ACT_GATHER_INFO |
| 2013-12-23 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2013-268.nasl - Type: ACT_GATHER_INFO |
| 2013-12-14 | Name: The remote Fedora host is missing a security update. File: fedora_2013-22396.nasl - Type: ACT_GATHER_INFO |
| 2013-12-10 | Name: The remote Fedora host is missing a security update. File: fedora_2013-22444.nasl - Type: ACT_GATHER_INFO |
| 2013-12-10 | Name: The remote Fedora host is missing a security update. File: fedora_2013-22497.nasl - Type: ACT_GATHER_INFO |
