It was reported [1],[2] that an XSS vulnerability exists in Nagios when viewing the configuration and using command expansion, as there is no input validation for "expand" in config.c(gi):

View Config -> Command Expansion -> To expand -> <script>alert(String.fromCharCode(88,83,83))</script>
View Config -> Command Expansion -> To expand -> <body onload=alert(666)>

or

http://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand=<script>alert(String.fromCharCode(88,83,83))</script>
http://www.example.com/nagios/cgi-bin/config.cgi?type=command&expand=<body onload=alert(666)>

[1] http://tracker.nagios.org/view.php?id=224
[2] http://seclists.org/bugtraq/2011/Jun/17
Created nagios tracking bugs for this issue

Affects: fedora-all [bug 709874]
Affects: epel-6 [bug 690880]
The CVE identifier of CVE-2011-2179 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2011/06/02/6
Upstream patch: http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=1741
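Added example, not part of the original report and not the upstream patch: one way a C CGI can neutralize a reflected value such as "expand" is to HTML-escape it before it is written into the page. The function names, buffer size and output markup below are assumptions made for illustration, not Nagios code.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a Nagios function: HTML-escape src into dst
 * (capacity dstlen including the NUL). Returns bytes written, or -1 if dst
 * is too small, leaving dst empty so no half-escaped value is ever emitted. */
int html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t used = 0;

    if (src == NULL || dst == NULL || dstlen == 0)
        return -1;
    for (; *src != '\0'; src++) {
        const char *rep = NULL;
        size_t n = 1;

        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep != NULL)
            n = strlen(rep);
        if (used + n + 1 > dstlen) {      /* keep room for the NUL */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + used, rep != NULL ? rep : src, n);
        used += n;
    }
    dst[used] = '\0';
    return (int)used;
}

/* Hypothetical CGI fragment: echo the "expand" value back into the page.
 * Constructed markup, not the real config.cgi output. Returns 0 on
 * success, -1 if the escaped value does not fit. */
int render_expand(const char *expand, char *page, size_t pagelen)
{
    char safe[1024];
    int n;

    if (html_escape(expand, safe, sizeof safe) < 0)
        return -1;
    n = snprintf(page, pagelen, "<p>To expand: %s</p>", safe);
    return (n < 0 || (size_t)n >= pagelen) ? -1 : 0;
}
```

With the two values from the report as input, the markup characters come out as entities, so the browser displays them as text instead of parsing them as tags.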