CVE-2013-5943

Description

Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

How to fix CVE-2013-5943

To remediate CVE-2013-5943, upgrade the affected package to a fixed version below.

• Debian/graphite-web—upgrade to 0.9.12+debian-1 or later
• PyPI/graphite-web—upgrade to 0.9.11 or later

Is CVE-2013-5943 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.9.12+debian-1
• from 0, < 0.9.11

References (3)

• ADVISORYsecunia.com/advisories/54556
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-5943
• WEBgithub.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst