Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit prior to 5.25.3 allows a remote unauthenticated malicious user to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during a _viewlog operation.
Vulnerable Product |
---|
mmonit monit |
debian debian linux 8.0 |
debian debian linux 9.0 |
canonical ubuntu linux 18.10 |
canonical ubuntu linux 19.04 |
fedoraproject fedora 31 |
fedoraproject fedora 32 |
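
A standard mitigation for this class of bug is output encoding: the user field decoded from the Basic Authorization header is treated as untrusted and HTML-escaped before it is rendered in a log view. The C code below is an added example, not Monit's code; the function names `basic_auth_user` and `html_escape` and the sample header are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Value of one base64 character, or -1 if outside the alphabet. */
static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Copy the user field of "Basic base64(user:pass)" into out; 0 on success, -1 on error. */
int basic_auth_user(const char *hdr, char *out, size_t outlen) {
    unsigned acc = 0; int bits = 0; size_t n = 0;
    if (strncmp(hdr, "Basic ", 6) != 0 || outlen == 0) return -1;
    for (const char *p = hdr + 6; *p && *p != '='; p++) {
        int v = b64val((unsigned char)*p);
        if (v < 0) return -1;                       /* not base64 */
        acc = (acc << 6) | (unsigned)v;
        if ((bits += 6) < 8) continue;              /* no full byte yet */
        bits -= 8;
        char c = (char)((acc >> bits) & 0xFF);
        if (c == ':') { out[n] = '\0'; return 0; }  /* end of user field */
        if (c == '\0' || n + 1 >= outlen) return -1;
        out[n++] = c;
    }
    return -1;                                      /* no ':' separator */
}

/* HTML-escape src into dst before it is written into a page; -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t n = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = *src == '<' ? "&lt;" : *src == '>' ? "&gt;" : *src == '&' ? "&amp;" :
                          *src == '"' ? "&quot;" : *src == '\'' ? "&#39;" : one;
        size_t len = strlen(rep);
        if (n + len >= dstlen) return -1;           /* keep room for the NUL */
        memcpy(dst + n, rep, len);
        n += len;
    }
    dst[n] = '\0';
    return 0;
}

int main(void) {
    char user[64], safe[256];  /* constructed header: base64 of "<i>u</i>:p" */
    if (!basic_auth_user("Basic PGk+dTwvaT46cA==", user, sizeof user) &&
        !html_escape(user, safe, sizeof safe)) printf("log cell: %s\n", safe);
    return 0;
}
```

Escaping at render time protects every page that displays the stored value, including entries logged before any input filtering was added.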