[Pkg-nagios-devel] Bug#416814: Cross-site scripting vulnerability

Florian Weimer fw at deneb.enyo.de
Fri Mar 30 14:19:26 UTC 2007


Package: nagios2
Version: 2.6-3
Tags: security
Severity: important

The Nagios web front end does not HTML-escape status strings reported
by monitored services.  As a result, these services can perform the
usual cross-site scripting attacks, or worse, compromise the browser
and gain access to the management network.

(I don't think this bug should be RC for etch, hence the severity.)
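
The missing step described in the report, as an added example that is not part of the original message and is not Nagios code: a bounded C routine that HTML-escapes a service-supplied status string before it is written into a page. The function name `html_escape_status` and the sample status line are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not from Nagios): HTML-escape the
 * untrusted status string `in` into out[0..outsz). Returns the number of
 * input bytes consumed. The output is always NUL-terminated and is cut
 * only between characters, never in the middle of an entity. */
size_t html_escape_status(const char *in, char *out, size_t outsz)
{
    size_t i = 0, o = 0;

    if (outsz == 0)
        return 0;
    for (; in[i] != '\0'; i++) {
        char one[2] = { in[i], '\0' };
        const char *rep = one;
        size_t len;

        switch (in[i]) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;  /* safe inside "..." attributes */
        case '\'': rep = "&#39;";  break;  /* safe inside '...' attributes */
        }
        len = strlen(rep);
        if (o + len >= outsz)   /* no room for the whole entity plus NUL */
            break;
        memcpy(out + o, rep, len);
        o += len;
    }
    out[o] = '\0';
    return i;
}

int main(void)
{
    /* Constructed sample: a status line as a monitored service might send it. */
    const char *status = "DISK OK <script>alert(1)</script>";
    char cell[128];

    html_escape_status(status, cell, sizeof cell);
    printf("<td class=\"status\">%s</td>\n", cell);
    return 0;
}
```

A return value shorter than `strlen(in)` means the status was truncated to fit the buffer, which the caller can flag in the page.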



