CVE-2014-6254 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zenoss	Zenoss Core

Configuration 1 [-]

OR	cpe:2.3:a:zenoss:zenoss_core::beta_3::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.4.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.4.5:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.5.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.5.1:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.5.2:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.1:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.2:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.3:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.1.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.2.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.2.1:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.3:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.4:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.5:::::::*
	cpe:2.3:a:zenoss:zenoss_core:5.0.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1::::::
	cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2::::::

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/449452
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-15T17:27:00

Updated: 2024-08-06T12:10:12.984Z

Reserved: 2014-09-05T00:00:00

Link: CVE-2014-6254

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-12-15T18:59:07.800

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-6254

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-13T04:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#449452", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6254", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#449452", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/449452"}, {"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "refsource": "CONFIRM", "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:10:12.984Z"}, "title": "CVE Program Container", "references": [{"name": "VU#449452", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6254", "datePublished": "2014-12-15T17:27:00", "dateReserved": "2014-09-05T00:00:00", "dateUpdated": "2024-08-06T12:10:12.984Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zenoss:zenoss_core:*:beta_3:*:*:*:*:*:*", "matchCriteriaId": "E07C6E2D-EA8A-4676-BF15-00275D764503", "versionEndIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "81B69C06-16CA-4A73-8EF8-3E2103D14438", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "33BCBA94-31A9-4B0B-943D-8BB31B552B55", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CD24A2C-C0B5-43B3-8F8E-7E72FF8B65B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F73AE1C8-8EF9-4AD2-88A9-5108B0B64D8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B4C24942-BE6F-4BDF-8642-4458229F8995", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCCAE80F-40D6-44B4-8253-5A27B2A2E015", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "020D8B51-8378-4E4B-A72F-6B5C7ED9CEDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84FFAAE5-E7EC-40D7-8BEC-335FB6A9EA56", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE2CE264-118C-4EE1-9454-7940B6EE7704", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "498262F4-FDA2-4FAD-A45A-1C0EE87F83FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAD8E20-EB1E-49E7-9620-539749F125C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B696A404-81CD-4F97-9C45-4E0667685BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6F74787-A72A-4C79-8682-91DD6BE85E78", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7803AA36-92DC-4362-AB99-99A06B1329EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BDF496-3032-48E2-AAE4-849488F308A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D37107EA-3F8B-44A3-BE8E-B8F8C6B5CB62", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C692049-A157-4783-B559-557E572FCE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "38074012-8B78-42B6-B2F5-6BDB84517990", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "05E299D7-0960-40FB-8B6F-A01A047F0A77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Zenoss Core hasta 5 Beta 3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un atributo en (1) un nombre de dispositivo, (2) un detalle de dispositivo, (3) un nombre de informe, (4) un detalle de informe o (5) un nombre de portlet o (6) una cadena en un m\u00e9todo de ayudante, tambi\u00e9n conocido como ZEN-15381 y ZEN-15410."}], "id": "CVE-2014-6254", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-12-15T18:59:07.800", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}