CVSS2 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

CVSS2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score confidence: High
EPSS percentile: 90.6%

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Vendor | Product | Version | CPE |
---|---|---|---|
icinga | icinga | * | cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:* |
icinga | icinga | 0.8.0 | cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:* |
icinga | icinga | 0.8.1 | cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:* |
icinga | icinga | 0.8.2 | cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:* |
icinga | icinga | 0.8.3 | cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:* |
icinga | icinga | 0.8.4 | cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:* |
icinga | icinga | 1.0 | cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:* |
icinga | icinga | 1.0 | cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:* |
icinga | icinga | 1.0.1 | cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:* |
icinga | icinga | 1.0.2 | cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/bugtraq/2011-06/0017.html
archives.neohapsis.com/archives/bugtraq/2011-06/0018.html
secunia.com/advisories/44974
securityreason.com/securityalert/8274
tracker.nagios.org/view.php?id=224
www.openwall.com/lists/oss-security/2011/06/01/10
www.openwall.com/lists/oss-security/2011/06/02/6
www.rul3z.de/advisories/SSCHADV2011-005.txt
www.rul3z.de/advisories/SSCHADV2011-006.txt
www.securityfocus.com/bid/48087
www.ubuntu.com/usn/USN-1151-1
bugzilla.redhat.com/show_bug.cgi?id=709871
dev.icinga.org/issues/1605
exchange.xforce.ibmcloud.com/vulnerabilities/67797