Nagios 'layer' Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Nagios and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Nagios version 3.3.1 or later. For updates refer to http://www.nagios.org/

Insight

The flaw is caused by improper validation of user-supplied input passed via the 'layer' parameter to cgi-bin/statusmap.cgi, which allows attackers to execute arbitrary HTML and script code on the web server.

Affected

Nagios versions 3.2.3 and prior.

References

http://packetstormsecurity.org/files/view/99164/SSCHADV2011-002.txt
http://secunia.com/advisories/43287
http://tracker.nagios.org/view.php?id=207

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-1523

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ Source Code Information Disclosure Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache ActiveMQ Multiple Vulnerabilities
Apache Open For Business HTML injection vulnerability

Take action and discover your vulnerabilities