Unrated severityNVD Advisory· Published Aug 22, 2014· Updated Jun 17, 2026
CVE-2014-5338
CVE-2014-5338
Description
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:p1:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:p2:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.4:p3:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.5:i1:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.5:i2:*:*:*:*:*:*
- cpe:2.3:a:check_mk_project:check_mk:1.2.5:i3:*:*:*:*:*:*
- Range: <1.2.4p4, >=1.2.5 <1.2.5i4
Patches
Vulnerability mechanics
References
6- mathias-kettner.de/check_mk_werks.phpnvdPatchVendor Advisory
- packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1495.htmlnvd
- www.securityfocus.com/archive/1/533180/100/0/threadednvd
- www.securityfocus.com/bid/69312nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/95383nvd
News mentions
0No linked articles in our index yet.