Unrated severityNVD Advisory· Published Aug 22, 2014· Updated May 6, 2026
CVE-2014-5338
CVE-2014-5338
Description
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
Affected products
7cpe:2.3:a:check_mk_project:check_mk:1.2.4:p3:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:p3:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- mathias-kettner.de/check_mk_werks.phpnvdPatchVendor Advisory
- packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1495.htmlnvd
- www.securityfocus.com/archive/1/533180/100/0/threadednvd
- www.securityfocus.com/bid/69312nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/95383nvd
News mentions
0No linked articles in our index yet.