Your submission was sent successfully! Close

CVE-2015-8010

Published: 27 March 2017

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
icinga
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(1.13.4-2build1)
cosmic Not vulnerable
(1.13.4-2build1)
disco Not vulnerable
(1.13.4-2build1)
eoan Not vulnerable
(1.13.4-2build1)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was needed)
upstream
Released (1.13.3-3, 1.13.4-2, 1.14.2+ds-3)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff