Your submission was sent successfully! Close

CVE-2011-2477

Published: 14 June 2011

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.

Priority

Unknown

Status

Package Release Status
icinga
Launchpad, Ubuntu, Debian
Upstream
Released (1.4.1)
Patches:
Upstream: https://dev.icinga.org/issues/1605