Skip to content

SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga

Advisory: Cross-Site Scripting vulnerability in Icinga
Advisory ID: SSCHADV2011-003
Author: Stefan Schurtz
Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1
Vendor URL: http://www.icinga.org
Vendor Status:
statusmap.cgi: fixed XSS vulnerability #1281
Target version set to 1.4
OSVDB-ID: 71052
 
======================
Vulnerability Description:
======================

This is a Cross-Site Scripting vulnerability

JavaScript can be included in style sheets by using "expression()" (IE only)

==============
Technical Details:
==============
Continue reading "SSCHADV2011-003 - Cross-Site Scripting vulnerability in Icinga"

SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios

 
Advisory:  Cross-Site Scripting vulnerability in Nagios
Advisory ID:  SSCHADV2011-002
Author:  Stefan Schurtz
Affected Software: Successfully tested on: nagios-3.2.0 / nagios-3.2.3
Vendor URL: http://www.nagios.org
Vendor Status: fixed
CVE-ID: 2011-1523
OSVDB-ID: 71059
 
======================
Vulnerability Description:
======================
 
This is a Cross-Site Scripting vulnerability
 
JavaScript can be included in style sheets by using "expression()" (IE only)
 
==============
Technical Details:
==============
 

 

Continue reading "SSCHADV2011-002 - Cross-Site Scripting vulnerability in Nagios"

SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga

            
Advisory: 
Cross-Site Scripting vulnerabilities in Icinga
Advisory ID: 
SSCHADV2011-001
Author: 
Stefan Schurtz
Affected Software: Successfully tested on icinga-1.3.0 / icinga-1.2.1
Vendor URL: http://www.icinga.org
Vendor Status:
fixed csv export link to make it XSS save (IE) #1275
OSVDB-ID: 71050

======================
Vulnerability Description:
======================

This is Cross-Site Scripting vulnerability

==============
Technical Details:
==============
 
Continue reading "SSCHADV2011-001 - Cross-Site Scripting vulnerabilities in Icinga"
Imprint | Contact | Privacy Statement