[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- Nagios -- XSS in the network status
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2011-03-28 14:36:39
Message-ID: Pine.GSO.4.64.1103281036230.7261 () faron ! mitre ! org
[Download RAW message or body]
On Fri, 25 Mar 2011, Jan Lieskovsky wrote:
> Cross-site scripting (XSS) vulnerability in Nagios allows remote
> attackers to inject arbitrary web script or HTML via specially-crafted
> 'layer' parameter passed to the Nagios network status map CGI script
> (statusmap.cgi).
>
> References:
> [1] http://tracker.nagios.org/view.php?id=207
> [2] http://www.rul3z.de/advisories/SSCHADV2011-002.txt
> [3] http://secunia.com/advisories/43287/
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=690877
Use CVE-2011-1523
- Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic