CVE-2011-1523
Nagios < 3.2.3 - Cross-Site Scripting via statusmap.cgi layer Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8241
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43287
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=690877
Exploit x_refsource_misc
http://tracker.nagios.org/view.php?id=207
Exploit x_refsource_misc
http://www.rul3z.de/advisories/SSCHADV2011-002.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44974
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/25/3
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1151-1
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/03/28/4
Scores
EPSS
0.0067
EPSS Percentile
71.6%
Details
CWE
CWE-79
Status
published
Products (36)
nagios/nagios
1.0
nagios/nagios
1.0_b1
nagios/nagios
1.0_b2
nagios/nagios
1.0_b3
nagios/nagios
1.0b1
nagios/nagios
1.0b2
nagios/nagios
1.0b3
nagios/nagios
1.0b4
nagios/nagios
1.0b5
nagios/nagios
1.0b6
... and 26 more
Published
May 03, 2011
Tracked Since
Feb 18, 2026