CVE-2011-2179 in Icingainfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

05/31/2011

Disclosure

06/14/2011

Moderation

VulDB entry created

Entries

VDB-57655 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.30062

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-2179
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2179
CVE Details	https://www.cvedetails.com/cve/CVE-2011-2179/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!