Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8010

Опубликовано: 27 мар. 2017
Источник: debian

Описание

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
icingafixed1.13.3-3package
icingano-dsajessiepackage
icingano-dsawheezypackage
icinganot-affectedsqueezepackage

Примечания

  • Introduced by: https://dev.icinga.org/issues/593 in 1.3.

  • Upstream issue: https://dev.icinga.org/issues/10453

  • Upstream fix: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff

  • https://www.openwall.com/lists/oss-security/2015/10/23/15

Связанные уязвимости

ubuntu логотип

CVE-2015-8010

CVSS3: 6.1
ubuntu
почти 9 лет назад

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

nvd логотип

CVE-2015-8010

CVSS3: 6.1
nvd
почти 9 лет назад

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

github логотип

GHSA-x57r-7jqf-5w9p

CVSS3: 6.1
github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

suse-cvrf логотип

openSUSE-SU-2017:0146-1

suse-cvrf
около 9 лет назад

Security update for icinga

suse-cvrf логотип

openSUSE-SU-2018:3258-1

suse-cvrf
больше 7 лет назад

Security update for icinga