Cross-site scripting (XSS) vulnerability in Nagios allows remote
attackers to inject arbitrary web script or HTML via specially-crafted
'layer' parameter passed to the Nagios network status map CGI script
Public PoC (from [2):
http://site/nagios/cgi-bin/statusmap.cgi?layer=' onmouseover="alert('XSS')" '
This issue affects the version of the nagios package, as shipped
with Red Hat HPC Solution.
This issue affects the versions of the nagios package, as shipped
with Fedora release of 13 and 14.
This issue affects the versions of the nagios package, as present
within EPEL-4, EPEL-5, and EPEL-6 repositories.
Please schedule an update.
Created nagios tracking bugs for this issue
Affects: epel-4 [bug 690878]
Affects: epel-5 [bug 690879]
Affects: epel-6 [bug 690880]
Affects: fedora-all [bug 690881]
The CVE identifier of CVE-2011-1523 has been assigned to this issue
This issue affects the Red Hat HPC Solution which is End of Life. For more information please refer to: