Candidate: CVE-2017-6393
PublicDate: 2017-03-02 06:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6393
Description:
 An issue was discovered in NagVis 1.9b12. The vulnerability exists due to
 insufficient filtration of user-supplied data passed to the
 "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker
 could execute arbitrary HTML and script code in a browser in the context of
 the vulnerable website.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/NagVis/nagvis/issues/91
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_nagvis:
upstream_nagvis: released (1:1.9.10-1)
precise_nagvis: ignored (reached end-of-life)
precise/esm_nagvis: DNE (precise was needed)
trusty_nagvis: not-affected (code not present)
trusty/esm_nagvis: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_nagvis: DNE
vivid/ubuntu-core_nagvis: DNE
xenial_nagvis: not-affected (code not present)
yakkety_nagvis: ignored (reached end-of-life)
zesty_nagvis: ignored (reached end-of-life)
artful_nagvis: ignored (reached end-of-life)
bionic_nagvis: not-affected (code not present)
cosmic_nagvis: not-affected (code not present)
devel_nagvis: not-affected (1:1.9.10-1)