Loading
Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410.
Cite this page
CVE-2014-6254. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2014-6254
Use CWE-79, Zenoss vendor hub and Zenoss Core product page to widen CVE-2014-6254 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2014-6261, CVE-2014-6262 and CVE-2014-9249 for nearby disclosures in the same product family.