CVE-2019-11454Cross-site Scripting in Monit

CWE-79Cross-site Scripting12 documents7 sources
Severity
6.1MEDIUMNVD
EPSS
1.1%
top 21.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Tildeslash MonitMmonit MonitDebian Monit+3 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

Debiantildeslash/monit< 1:5.25.3-1+3
Ubuntutildeslash/monit< 1:5.6-2ubuntu0.1+esm2+2
NVDmmonit/monit< 5.25.3
debiandebian/monit< monit 1:5.25.3-1 (bookworm)

Also affects: Debian Linux 8.0, 9.0, Fedora 31, 32, Ubuntu Linux 18.10, 19.04

Patches

Patch: bitbucket.orgPatch: bitbucket.orgPatch: bitbucket.org

🔴Vulnerability Details

3
GHSA
Cross-site scripting2022-05-24
OSV
monit vulnerabilities2021-03-15
OSV
CVE-2019-11454: Persistent cross-site scripting (XSS) in http/cervlet2019-04-22

📋Vendor Advisories

3
Ubuntu
Monit vulnerabilities2021-03-15
Ubuntu
Monit vulnerabilities2019-05-08
Debian
CVE-2019-11454: monit - Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit befo...2019

🕵️Threat Intelligence

2
Wiz
CVE-2020-36968 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2020-36969 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

3
Bugzilla
CVE-2019-11454 monit: cross-site scripting (XSS) in http/cervlet.c2019-04-24
Bugzilla
CVE-2019-11454 CVE-2019-11455 monit: various flaws [epel-all]2019-04-24
Bugzilla
CVE-2019-11454 CVE-2019-11455 monit: various flaws [fedora-all]2019-04-24
CVE-2019-11454 — Cross-site Scripting in Mmonit Monit | cvebase