{"id":"CVE-2014-4329","details":"Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter.","modified":"2024-09-18T02:12:59.562582Z","published":"2014-06-19T10:50:05Z","withdrawn":"2024-12-09T18:56:24.152514Z","references":[{"type":"ADVISORY","url":"http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/127329/Ntop-NG-1.1-Cross-Site-Scripting.html"},{"type":"REPORT","url":"https://svn.ntop.org/bugzilla/show_bug.cgi?id=379"},{"type":"WEB","url":"http://www.securityfocus.com/bid/66456"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/92135"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2014-4329"}],"affected":[{"package":{"name":"ntopng","ecosystem":"Debian:13","purl":"pkg:deb/debian/ntopng?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0+dfsg1-1"}]}],"versions":["1.1+dfsg2-1","1.1+dfsg2-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-4329.json"}}],"schema_version":"1.7.3"}