CVE-2019-11454
Published: 2019-04-22
Priority: P4 · 33 · medium
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS: 2.41% (82.1st percentile)
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
Affected (15 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | monit | < monit 1:5.25.3-1 (bookworm) | monit 1:5.25.3-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mmonit | monit | < 5.25.3 | 5.25.3 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.25.3-1 | 1:5.25.3-1 |
| tildeslash | monit | >= 0 < 1:5.6-2ubuntu0.1+esm2 | 1:5.6-2ubuntu0.1+esm2 |
| tildeslash | monit | >= 0 < 1:5.16-2ubuntu0.2+esm1 | 1:5.16-2ubuntu0.2+esm1 |
| tildeslash | monit | >= 0 < 1:5.25.1-1ubuntu0.1~esm1 | 1:5.25.1-1ubuntu0.1~esm1 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 6.1 | MEDIUM | — |
| vendor_ubuntu | — | 6.1 | MEDIUM | — |
Ubuntu
Monit vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 6.1
CVE-2019-11455 [MEDIUM] Monit vulnerabilities
Title: Monit vulnerabilities
Summary: Several security issues were fixed in Monit.
Zack Flack discovered that Monit incorrectly handled certain input. A
remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2019-11454)
Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to potentially leak sensitive
information. (CVE-2019-11455)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Monit vulnerabilities
vendor_ubuntu·2019-05-08·CVSS 6.1
CVE-2019-11454 [MEDIUM] Monit vulnerabilities
Title: Monit vulnerabilities
Summary: Several security issues were fixed in Monit
Zack Flack discovered that Monit incorrectly handled certain input. A remote
authenticated user could exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2019-11454)
Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs.
An attacker could exploit this to leak potentially sensitive information.
(CVE-2019-11455)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2019-11454: monit - Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit befo...
vendor_debian·2019·CVSS 6.1
CVE-2019-11454 [MEDIUM] CVE-2019-11454: monit - Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit befo...
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
Scope: local
bookworm: resolved (fixed in 1:5.25.3-1)
bullseye: resolved (fixed in 1:5.25.3-1)
forky: resolved (fixed in 1:5.25.3-1)
sid: resolved (fixed in 1:5.25.3-1)
trixie: resolved (fixed in 1:5.25.3-1)
GHSA
Cross-site scripting
ghsa_unreviewed·2022-05-24
CVE-2019-11454 [MEDIUM] CWE-79 Cross-site scripting
Cross-site scripting
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
OSV
monit vulnerabilities
osv·2021-03-15·CVSS 6.1
CVE-2019-11454 [MEDIUM] monit vulnerabilities
monit vulnerabilities
Zack Flack discovered that Monit incorrectly handled certain input. A
remote authenticated user could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2019-11454)
Zack Flack discovered a buffer overread when Monit decoded certain crafted
URLs. An attacker could exploit this to potentially leak sensitive
information. (CVE-2019-11455)
OSV
CVE-2019-11454: Persistent cross-site scripting (XSS) in http/cervlet
osv·2019-04-22·CVSS 6.1
CVE-2019-11454 [MEDIUM] CVE-2019-11454: Persistent cross-site scripting (XSS) in http/cervlet
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2020-36968 [MEDIUM] CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-36968: Monit vulnerability analysis and mitigation
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
Source: NVD
Score: 7.1
Published: January 28, 2026
Severity: HIGH
CNA Score: 7.1
Affected Technologies: Monit
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 45.5
Exploitation Probability (EPSS): 0.2
Affected packages and libraries: monit
Sources: NVD
Echo Severity: MEDIUM · No Fix · Added at: Jan 29, 2026
Wiz
CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.1
CVE-2020-36969 [MEDIUM] CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-36969: Monit vulnerability analysis and mitigation
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
Source: NVD
Score: 8.7
Published: January 28, 2026
Severity: HIGH
CNA Score: 8.7
Affected Technologies: Monit
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 25
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: monit
Sources: NVD
Echo Severity: HIGH · No Fix · Added at: Jan 29, 2026
Bugzilla
CVE-2019-11454 monit: cross-site scripting (XSS) in http/cervlet.c
bugzilla·2019-04-24·CVSS 6.1
CVE-2019-11454 [MEDIUM] CVE-2019-11454 monit: cross-site scripting (XSS) in http/cervlet.c
CVE-2019-11454 monit: cross-site scripting (XSS) in http/cervlet.c
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
Reference:
https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py
Upstream commit:
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
Discussion:
Created monit tracking bugs for this issue:
Affects: fedora-all [bug 1702683]
---
Created monit tracking bugs for this issu
Bugzilla
CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all]
bugzilla·2019-04-24·CVSS 6.1
CVE-2019-11454 [MEDIUM] CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all]
CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. W
Bugzilla
CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all]
bugzilla·2019-04-24·CVSS 6.1
CVE-2019-11454 [MEDIUM] CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all]
CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Wh
References
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py
https://lists.debian.org/debian-lts-announce/2019/04/msg00028.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZQDHRSKTEX5MSYXNCGFTUSFGANBARHX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L475QJMFFI2QV5QEHAKKPVX6QX6ECUL6/
https://usn.ubuntu.com/3971-1/
Published: 2019-04-22