oss-sec mailing list archives

Re: CVE Request -- Nagios -- XSS in the network status map CGI script


From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Mon, 28 Mar 2011 10:36:39 -0400 (EDT)


On Fri, 25 Mar 2011, Jan Lieskovsky wrote:

 Cross-site scripting (XSS) vulnerability in Nagios allows remote
attackers to inject arbitrary web script or HTML via specially-crafted
'layer' parameter passed to the Nagios network status map CGI script
(statusmap.cgi).

References:
[1] http://tracker.nagios.org/view.php?id=207
[2] http://www.rul3z.de/advisories/SSCHADV2011-002.txt
[3] http://secunia.com/advisories/43287/
[4] https://bugzilla.redhat.com/show_bug.cgi?id=690877


Use CVE-2011-1523

- Steve

