Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-2179. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in Nagios by injecting malicious JavaScript via the 'expand' parameter in the config.cgi script. The payloads trigger arbitrary script execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in Nagios by injecting malicious JavaScript via the 'expand' parameter in the config.cgi script. The payloads trigger arbitrary script execution in the context of the affected site.