Back to search
CVE-2011-2179
Published: Jun 14, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20110601 Cross-Site Scripting vulnerability in Nagios
mailing-list
x_refsource_BUGTRAQ
icinga-expand-xss(67797)
vdb-entry
x_refsource_XF
8274
third-party-advisory
x_refsource_SREASON
48087
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=709871
x_refsource_CONFIRM
http://tracker.nagios.org/view.php?id=224
x_refsource_CONFIRM
[oss-security] 20110601 CVE request: XSS in nagios
mailing-list
x_refsource_MLIST
http://www.rul3z.de/advisories/SSCHADV2011-006.txt
x_refsource_MISC
[oss-security] 20110602 Re: CVE request: XSS in nagios
mailing-list
x_refsource_MLIST
https://dev.icinga.org/issues/1605
x_refsource_CONFIRM
44974
third-party-advisory
x_refsource_SECUNIA
http://www.rul3z.de/advisories/SSCHADV2011-005.txt
x_refsource_MISC
USN-1151-1
vendor-advisory
x_refsource_UBUNTU
20110601 Cross-Site Scripting vulnerability in Icinga
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now