Test ID:	1.3.6.1.4.1.25623.1.0.801895
Category:	Web application abuses
Title:	Icinga 'expand' Parameter Cross-Site Scripting Vulnerability
Summary:	Icinga is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: Icinga is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is caused by improper validation of user-supplied input passed via the 'expand' parameter in cgi-bin/config.cgi, which allows attackers to execute arbitrary HTML and script code on the web server. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Icinga versions 1.4.0 and prior. Solution: Upgrade to Icinga versions 1.4.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2179 20110601 Cross-Site Scripting vulnerability in Icinga http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html 20110601 Cross-Site Scripting vulnerability in Nagios http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html 44974 http://secunia.com/advisories/44974 48087 http://www.securityfocus.com/bid/48087 8274 http://securityreason.com/securityalert/8274 USN-1151-1 http://www.ubuntu.com/usn/USN-1151-1 [oss-security] 20110601 CVE request: XSS in nagios http://www.openwall.com/lists/oss-security/2011/06/01/10 [oss-security] 20110602 Re: CVE request: XSS in nagios http://www.openwall.com/lists/oss-security/2011/06/02/6 http://tracker.nagios.org/view.php?id=224 http://www.rul3z.de/advisories/SSCHADV2011-005.txt http://www.rul3z.de/advisories/SSCHADV2011-006.txt https://bugzilla.redhat.com/show_bug.cgi?id=709871 https://dev.icinga.org/issues/1605 icinga-expand-xss(67797) https://exchange.xforce.ibmcloud.com/vulnerabilities/67797
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.