CVE-2011-2179
Public on 2011-06-14
Modified on 2014-09-14
Description
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | nagios | 2012-03-04 | ALAS-2012-50 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |