4.3
CVSSv2

CVE-2013-6395

Published: 05/12/2013 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote malicious users to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.

Affected Products

Vendor Product Versions
GangliaGanglia-web3.5.8, 3.5.10

Vendor Advisories

Debian Bug report logs - #730507 ganglia-web: CVE-2013-6395: XSS flaw in Ganglia web interface Package: ganglia-web; Maintainer for ganglia-web is Debian Monitoring Maintainers <pkg-monitoring-maintainers@listsaliothdebianorg>; Reported by: Eric Sesterhenn <snakebyte@gmxde> Date: Mon, 25 Nov 2013 21:39:02 UTC Sev ...
Cross-site scripting (XSS) vulnerability in headerphp in Ganglia Web 358 and 3510 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_contextphp ...