darksecurity.de | Entries from Saturday, March 12. 2011

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga

Posted by on Saturday, March 12. 2011

Advisory:	Cross-Site Scripting vulnerability in Icinga
Advisory ID:	SSCHADV2011-003
Author:	Stefan Schurtz
Affected Software:	Successfully tested on: icinga-1.3.0 / icinga-1.2.1
Vendor URL:	http://www.icinga.org
Vendor Status:	statusmap.cgi: fixed XSS vulnerability #1281 Target version set to 1.4
OSVDB-ID:	71052

======================
Vulnerability Description:
======================

This is a Cross-Site Scripting vulnerability

JavaScript can be included in style sheets by using "expression()" (IE only)

==============
Technical Details:
==============

Continue reading "SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga"