Published: 14/06/2011 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga prior to 1.4.1 allow remote malicious users to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
icinga icinga 1.3.1
icinga icinga 1.0.2
icinga icinga 0.8.1
icinga icinga 0.8.0
icinga icinga
icinga icinga 1.3.0
icinga icinga 1.0.1
icinga icinga 1.0
nagios nagios 3.2.3
icinga icinga 0.8.4
icinga icinga 1.0.3
icinga icinga 1.2.0
icinga icinga 1.2.1
icinga icinga 0.8.3
icinga icinga 0.8.2

Debian Bug report logs - #629127 several XSS issues Package: nagios3; Maintainer for nagios3 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Source for nagios3 is src:nagios3 (PTS, buildd, popcon) Reported by: "Thijs Kinkhorst" <thijs@debianorg> Date: Fri, 3 Jun 2011 18:15:01 UTC Seve ...

An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios ...

Multiple cross-site scripting (XSS) vulnerabilities in configc in configcgi in (1) Nagios 323 and (2) Icinga before 141 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action ...

Check Point Reference: CPAI-2011-0746 Date Published: 27 Mar 2024 Severity: Medium ...

source: wwwsecurityfocuscom/bid/48087/info Nagios is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to st ...

CWE-79 http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html https://bugzilla.redhat.com/show_bug.cgi?id=709871 http://tracker.nagios.org/view.php?id=224 http://www.rul3z.de/advisories/SSCHADV2011-006.txt http://www.openwall.com/lists/oss-security/2011/06/02/6 http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html http://www.openwall.com/lists/oss-security/2011/06/01/10 http://www.rul3z.de/advisories/SSCHADV2011-005.txt https://dev.icinga.org/issues/1605 http://secunia.com/advisories/44974 http://www.ubuntu.com/usn/USN-1151-1 http://www.securityfocus.com/bid/48087 http://securityreason.com/securityalert/8274 https://exchange.xforce.ibmcloud.com/vulnerabilities/67797 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629127 https://usn.ubuntu.com/1151-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/35818/

CVE-2011-2179

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect