Icinga Multiple Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

This host is running Icinga and is prone to multiple cross site scripting vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Icinga version 1.4.0 or later. For updates refer to http://www.icinga.org/download/

Insight

- Input appended to the URL after 'cgi-bin/status.cgi' and 'cgi-bin/notifications.cgi' is not properly sanitised before being returned to the user. - Input passed via the 'layer' parameter to 'cgi-bin/statusmap.cgi' is not properly sanitised before being returned to the user.

Affected

Icinga versions 1.3.0 and prior.

References

http://secunia.com/advisories/43643

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat Directory Listing and File disclosure
/doc directory browsable ?
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache Struts2 showcase namespace XSS Vulnerability

Take action and discover your vulnerabilities