Summary
This host is running Nagios and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Nagios version 3.3.1 or later.
For updates refer to http://www.nagios.org/
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'layer' parameter to cgi-bin/statusmap.cgi, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
Nagios versions 3.2.3 and prior.
References
Severity
Classification
-
CVE CVE-2011-1523 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Allaire JRun directory browsing vulnerability
- Adobe JRun Management Console Multiple Vulnerabilities
- AMSI 'file' Parameter Directory Traversal Vulnerability