Test ID:	1.3.6.1.4.1.25623.1.1.10.2015.0203
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2015-0203)
Summary:	The remote host is missing an update for the 'pnp4nagios' package(s) announced via the MGASA-2015-0203 advisory.
Description:	Summary: The remote host is missing an update for the 'pnp4nagios' package(s) announced via the MGASA-2015-0203 advisory. Vulnerability Insight: Updated pnp4nagios package fixes security vulnerabilities: Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message (CVE-2014-4907). Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching share/pnp/application/views/kohana_error_page.php or share/pnp/application/views/template.php, leading to improper handling within an http-equiv='refresh' META element (CVE-2014-4908). Affected Software/OS: 'pnp4nagios' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4907 BugTraq ID: 68350 http://www.securityfocus.com/bid/68350 http://openwall.com/lists/oss-security/2014/07/11/3 http://secunia.com/advisories/59535 http://secunia.com/advisories/59603 Common Vulnerability Exposure (CVE) ID: CVE-2014-4908 BugTraq ID: 68352 http://www.securityfocus.com/bid/68352 http://secunia.com/advisories/58973
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.