oss-sec mailing list archives
Re: CVE Request -- Nagios -- XSS in the network status map CGI script
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Mon, 28 Mar 2011 10:36:39 -0400 (EDT)
On Fri, 25 Mar 2011, Jan Lieskovsky wrote:
Cross-site scripting (XSS) vulnerability in Nagios allows remote attackers to inject arbitrary web script or HTML via specially-crafted 'layer' parameter passed to the Nagios network status map CGI script (statusmap.cgi). References: [1] http://tracker.nagios.org/view.php?id=207 [2] http://www.rul3z.de/advisories/SSCHADV2011-002.txt [3] http://secunia.com/advisories/43287/ [4] https://bugzilla.redhat.com/show_bug.cgi?id=690877
Use CVE-2011-1523 - Steve
Current thread:
- CVE Request -- Nagios -- XSS in the network status map CGI script Jan Lieskovsky (Mar 25)
- Re: CVE Request -- Nagios -- XSS in the network status map CGI script Steven M. Christey (Mar 28)