CVE-2011-2179

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

Published: Jun 14, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2179
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
icinga / icinga	0.8.1	0.8.1.x
icinga / icinga	0.8.4	0.8.4.x
icinga / icinga	1.0.2	1.0.2.x
icinga / icinga	1.2.1	1.2.1.x
icinga / icinga	0.8.3	0.8.3.x
icinga / icinga	0.8.0	0.8.0.x
icinga / icinga	1.3.0	1.3.0.x
icinga / icinga	0.8.2	0.8.2.x
icinga / icinga	1.0.3	1.0.3.x
icinga / icinga	1.3.1	1.3.1.x
icinga / icinga	1.0	1.0.x
icinga / icinga	-	1.4.0.x
icinga / icinga	1.0-rc1	1.0-rc1.x
nagios / nagios	3.2.3	3.2.3.x
icinga / icinga	1.2.0	1.2.0.x
icinga / icinga	1.0.1	1.0.1.x

http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html
http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html
http://secunia.com/advisories/44974
http://securityreason.com/securityalert/8274
http://tracker.nagios.org/view.php?id=224
http://www.openwall.com/lists/oss-security/2011/06/01/10
http://www.openwall.com/lists/oss-security/2011/06/02/6
http://www.rul3z.de/advisories/SSCHADV2011-005.txt
http://www.rul3z.de/advisories/SSCHADV2011-006.txt
http://www.securityfocus.com/bid/48087
http://www.ubuntu.com/usn/USN-1151-1
https://bugzilla.redhat.com/show_bug.cgi?id=709871
https://dev.icinga.org/issues/1605
https://exchange.xforce.ibmcloud.com/vulnerabilities/67797

Vulnerability Database

289,697

CVE-2011-2179