{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20110601 Cross-Site Scripting vulnerability in Nagios", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"}, {"name": "icinga-expand-xss(67797)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"}, {"name": "8274", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8274"}, {"name": "48087", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48087"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tracker.nagios.org/view.php?id=224"}, {"name": "[oss-security] 20110601 CVE request: XSS in nagios", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"}, {"name": "[oss-security] 20110602 Re: CVE request: XSS in nagios", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://dev.icinga.org/issues/1605"}, {"name": "44974", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44974"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"}, {"name": "USN-1151-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1151-1"}, {"name": "20110601 Cross-Site Scripting vulnerability in Icinga", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:53:17.162Z"}, "title": "CVE Program Container", "references": [{"name": "20110601 Cross-Site Scripting vulnerability in Nagios", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"}, {"name": "icinga-expand-xss(67797)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"}, {"name": "8274", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8274"}, {"name": "48087", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48087"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tracker.nagios.org/view.php?id=224"}, {"name": "[oss-security] 20110601 CVE request: XSS in nagios", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"}, {"name": "[oss-security] 20110602 Re: CVE request: XSS in nagios", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://dev.icinga.org/issues/1605"}, {"name": "44974", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44974"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"}, {"name": "USN-1151-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1151-1"}, {"name": "20110601 Cross-Site Scripting vulnerability in Icinga", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2179", "datePublished": "2011-06-14T17:00:00", "dateReserved": "2011-05-31T00:00:00", "dateUpdated": "2024-08-06T22:53:17.162Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*", "matchCriteriaId": "10436D2F-3CCB-4ED6-9327-3CD6BA5E43D5", "versionEndIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D65D942-0560-42B0-BAF8-D6B8C4237558", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CF3E50F-0DF1-44C1-9E7D-E3AE9BBAC5C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F87DFD18-B038-4E18-889A-FCADDC7E9C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B9B482D1-BB5D-41CC-A330-214F1EC9BD43", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "6EB99BAF-6CF9-4F61-A86B-91F4DAE20F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B65BD554-2D66-4237-8829-EC5CFD374E4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "51CBC3F4-EB90-462D-B840-71DB9E8E3667", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "719B37F6-4D3A-4922-B58D-536A775D42D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7890303A-21C3-47B8-86AF-1B07A01C9AE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CED3BF83-92C3-4324-BC6E-722309A8787B", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5F7F451-E7AA-4C84-874D-7C7E5C162DEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5250AED-B86C-4415-A274-7DD9659F40D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6E333C3-C264-41C9-B358-97A3F62C649D", "vulnerable": true}, {"criteria": "cpe:2.3:a:icinga:icinga:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "BEAD9B4E-66B1-4E82-8A6F-B46A4F0A61D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:nagios:nagios:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4584E0CD-A0F9-4AD1-ACC5-800E38F5DD59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro expand, como se demuestra por (a) la acci\u00f3n command o (b) una acci\u00f3n hosts."}], "id": "CVE-2011-2179", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-06-14T17:55:06.437", "references": [{"source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44974"}, {"source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8274"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://tracker.nagios.org/view.php?id=224"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48087"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1151-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://dev.icinga.org/issues/1605"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://tracker.nagios.org/view.php?id=224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/01/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/02/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-005.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-006.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1151-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://dev.icinga.org/issues/1605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67797"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}