Candidate: CVE-2011-2477
PublicDate: 2011-06-14 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2477
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.
Ubuntu-Description:
Notes:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Patches_icinga:
 upstream: https://dev.icinga.org/issues/1605
upstream_icinga: released (1.4.1)
hardy_icinga: DNE
lucid_icinga: DNE
maverick_icinga: ignored (reached end-of-life)
natty_icinga: ignored (reached end-of-life)
oneiric_icinga: not-affected (1.4.1-1)
precise_icinga: not-affected (1.4.1-1)
quantal_icinga: not-affected (1.4.1-1)
devel_icinga: not-affected (1.4.1-1)