[Pkg-nagios-devel] Bug#416814: Cross-site scripting vulnerability
Florian Weimer
fw at deneb.enyo.de
Fri Mar 30 14:19:26 UTC 2007
Package: nagios2
Version: 2.6-3
Tags: security
Severity: important
The Nagios web front end does not HTML-escape status strings reported
by monitored services. As a result, these services can perform the
usual cross-site scripting attacks, or worse: compromise the browser
and gain access to the management network.
(I don't think this bug should be RC for etch, hence the severity.)
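
An added example, not part of the original report and not Nagios code: HTML-escaping a service-supplied status string before it is written into a page, in C as the Nagios CGIs are. The helper name `html_escape`, the buffer size and the sample status string are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Nagios code): write an HTML-escaped copy of `in`
 * into `out` (capacity `outsz`, NUL-terminated whenever outsz > 0).
 * Returns the escaped length, or -1 if the output would not fit; on -1 the
 * buffer holds only whole characters/entities, never a cut-off entity. */
static int html_escape(const char *in, char *out, size_t outsz)
{
    size_t used = 0;

    if (outsz == 0)
        return -1;
    for (; *in != '\0'; in++) {
        const char *rep;
        char literal[2] = { *in, '\0' };

        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;   /* safe inside "..." attributes */
        case '\'': rep = "&#39;";  break;   /* safe inside '...' attributes */
        default:   rep = literal;  break;
        }
        size_t n = strlen(rep);
        if (used + n >= outsz) {            /* keep room for the terminator */
            out[used] = '\0';
            return -1;
        }
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    /* Constructed sample: a status string as a monitored service might report it. */
    const char *status = "DISK OK <script>alert(1)</script> \"/var\" & '/tmp'";
    char cell[256];

    if (html_escape(status, cell, sizeof cell) < 0)
        return 1;                           /* refuse to emit a truncated cell */
    printf("<td class=\"status\">%s</td>\n", cell);
    return 0;
}
```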