Mandriva Linux Security Advisory 2012-049 - Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The updated packages have been patched to correct this issue.
f89dda035b10b7cb0cea37643164ca192f767b587a8cd37c87951f667973bff8Ubuntu Security Notice 1151-1 - Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
dbddcfca89b20def2a2289fede61c28c8b2da56d5deb5a9dbc9249b874d0c56f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed