'Re: [oss-security] CVE Request -- Nagios -- XSS in the network status'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- Nagios -- XSS in the network status
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2011-03-28 14:36:39
Message-ID: Pine.GSO.4.64.1103281036230.7261 () faron ! mitre ! org
[Download RAW message or body]

On Fri, 25 Mar 2011, Jan Lieskovsky wrote:

>  Cross-site scripting (XSS) vulnerability in Nagios allows remote
> attackers to inject arbitrary web script or HTML via specially-crafted
> 'layer' parameter passed to the Nagios network status map CGI script
> (statusmap.cgi).
>
> References:
> [1] http://tracker.nagios.org/view.php?id=207
> [2] http://www.rul3z.de/advisories/SSCHADV2011-002.txt
> [3] http://secunia.com/advisories/43287/
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=690877

Use CVE-2011-1523

- Steve
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic