Vulners
Lucene search
Icinga 1.3.0 / 1.2.1 Cross Site Scripting
🗓️ 08 Mar 2011 00:00:00Reported by Stefan SchurtzType 
packetstorm🔗 packetstormsecurity.com👁 16 Views
`Advisory: Cross-Site Scripting vulnerabilities in Icinga
Advisory ID: SSCHADV2011-001
Author: Stefan Schurtz
Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1
Vendor URL: http://www.icinga.org
Vendor Status: fixed csv export link to make it XSS save (IE) #1275
CVE-ID: -
==========================
Vulnerability Description:
==========================
This is Cross-Site Scripting vulnerability
==================
Technical Details:
==================
No input validation for "QUERY_STRING"
Problem in "status.c"
http://site/icinga/cgi-bin/status.cgi?'</style></script><script>alert('XSS')</script>
http://site/icinga/cgi-bin/status.cgi?'</style></script><script>alert('XSS')</script><A HREF='status.cgi
/* add export to csv link */
if(getenv("QUERY_STRING")!=NULL) {
printf("<td valign=bottom width=33%%><div class='csv_export_link'><a href='%s?%s&csvoutput' target='_blank'>Export to CSV</a></div></td>n",STATUS_CGI,strdup(getenv("QUERY_STRING")));
} else {
printf("<td valign=bottom width=33%%><div class='csv_export_link'><a href='%s?csvoutput' target='_blank'>Export to CSV</a></div></td>n",STATUS_CGI);
Problem in "notification.c"
http://site/icinga/cgi-bin/notifications.cgi?'</style></script><script>alert('XSS')</script>
http://site/icinga/cgi-bin/notifications.cgi?'</style></script><script>alert('XSS')</script><A HREF='notifications.cgi
if(getenv("QUERY_STRING")!=NULL) {
printf("<TR><TD colspan='7'><DIV class='csv_export_link'><A HREF='%s?%s&csvoutput' target='_blank'>Export to CSV</A></DIV></TD></TR>n",NOTIFICATIONS_CGI,strdup(getenv("QUERY_STRING")));
} else {
printf("<TR><TD colspan='7'><DIV class='csv_export_link'><A HREF='%s?csvoutput' target='_blank'>Export to CSV</A></DIV></TD></TR>n",NOTIFICATIONS_CGI);
}
=========
Solution:
=========
ID: 90c2209dfc7b8b6a174f46eb5d2a87d1a9789383
https://dev.icinga.org/projects/icinga-core/repository/revisions/90c2209dfc7b8b6a174f46eb5d2a87d1a9789383/diff
fixed csv export link to make it XSS save (IE) #1275
====================
Disclosure Timeline:
====================
04-Mar-2011 - informed developers
07-Mar-2011 - Bug 1275 - make csv export link XSS save - on "Icinga Development Mailinglist"
07-Mar-2011 - informed DFN-CERT - [email protected]
07-Mar-2011 - Release date of this security advisory
07-Mar-2011 - developers fixed csv export link to make it XSS save (IE) #1275
========
Credits:
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References:
===========
http://www.icinga.org
http://www.rul3z.de/advisories/SSCHADV2011-001.txt
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Mar 2011 00:00Current
7.4High risk
Vulners AI Score7.4