CVE-2015-8010

Priority
Description
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV
export link and pagination feature in Icinga before 1.14 allows remote
attackers to inject arbitrary web script or HTML via the query string to
cgi-bin/status.cgi.
Notes
Package
Upstream:released (1.13.3-3, 1.13.4-2, 1.14.2+ds-3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.13.4-2build1)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Patches:
Upstream:https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
More Information

Updated: 2020-07-28 18:29:37 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)