Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga prior to 1.14 allows remote malicious users to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icinga icinga |
||
opensuse leap 42.2 |
||
opensuse project leap 42.1 |