Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga prior to 1.4.1 allow remote malicious users to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icinga icinga 1.3.1 |
||
icinga icinga 1.0.2 |
||
icinga icinga 0.8.1 |
||
icinga icinga 0.8.0 |
||
icinga icinga |
||
icinga icinga 1.3.0 |
||
icinga icinga 1.0.1 |
||
icinga icinga 1.0 |
||
nagios nagios 3.2.3 |
||
icinga icinga 0.8.4 |
||
icinga icinga 1.0.3 |
||
icinga icinga 1.2.0 |
||
icinga icinga 1.2.1 |
||
icinga icinga 0.8.3 |
||
icinga icinga 0.8.2 |