CVE-2011-1523 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-1523 Interim 1 16 2023-02-15T02:29:02Z current 2021-05-30T12:57:08Z 2023-02-15T02:29:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-1523 Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-updates/2011-07/msg00033.html E-Mail link for openSUSE-SU-2011:0833-1 https://lists.opensuse.org/opensuse-updates/2011-07/msg00034.html E-Mail link for openSUSE-SU-2011:0836-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 openSUSE Tumbleweed nagios-3.0.6-1.23.1 nagios-3.0.6-1.25.24.1 nagios-3.0.6-1.25.28.1 nagios-3.0.6-1.25.36.1 nagios-4.4.6-2.5 nagios-contrib-4.4.6-2.5 nagios-devel-3.0.6-1.25.36.1 nagios-devel-4.4.6-2.5 nagios-theme-exfoliation-4.4.6-2.5 nagios-www-3.0.6-1.23.1 nagios-www-3.0.6-1.25.24.1 nagios-www-3.0.6-1.25.28.1 nagios-www-3.0.6-1.25.36.1 nagios-www-4.4.6-2.5 nagios-www-dch-4.4.6-2.5 nagios-3.0.6-1.23.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA nagios-www-3.0.6-1.23.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA nagios-3.0.6-1.25.24.1 as a component of SUSE Linux Enterprise Server 11 SP2 nagios-www-3.0.6-1.25.24.1 as a component of SUSE Linux Enterprise Server 11 SP2 nagios-3.0.6-1.25.28.1 as a component of SUSE Linux Enterprise Server 11 SP3 nagios-www-3.0.6-1.25.28.1 as a component of SUSE Linux Enterprise Server 11 SP3 nagios-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 nagios-www-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Server 11 SP4 nagios-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 nagios-devel-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 nagios-www-3.0.6-1.25.36.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 nagios-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-contrib-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-devel-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-theme-exfoliation-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-4.4.6-2.5 as a component of openSUSE Tumbleweed nagios-www-dch-4.4.6-2.5 as a component of openSUSE Tumbleweed Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. CVE-2011-1523 SUSE Linux Enterprise Server 11 SP1-TERADATA:nagios-3.0.6-1.23.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:nagios-www-3.0.6-1.23.1 SUSE Linux Enterprise Server 11 SP2:nagios-3.0.6-1.25.24.1 SUSE Linux Enterprise Server 11 SP2:nagios-www-3.0.6-1.25.24.1 SUSE Linux Enterprise Server 11 SP3:nagios-3.0.6-1.25.28.1 SUSE Linux Enterprise Server 11 SP3:nagios-www-3.0.6-1.25.28.1 SUSE Linux Enterprise Server 11 SP4:nagios-3.0.6-1.25.36.1 SUSE Linux Enterprise Server 11 SP4:nagios-www-3.0.6-1.25.36.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-3.0.6-1.25.36.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-devel-3.0.6-1.25.36.1 SUSE Linux Enterprise Software Development Kit 11 SP4:nagios-www-3.0.6-1.25.36.1 openSUSE Tumbleweed:nagios-4.4.6-2.5 openSUSE Tumbleweed:nagios-contrib-4.4.6-2.5 openSUSE Tumbleweed:nagios-devel-4.4.6-2.5 openSUSE Tumbleweed:nagios-theme-exfoliation-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-4.4.6-2.5 openSUSE Tumbleweed:nagios-www-dch-4.4.6-2.5 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N