CVE-2015-8010

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 42.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Icinga Icinga Opensuse Leap Opensuse Project Leap

Timeline

PublishedMar 27

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDicinga/icinga1.13.4

▶NVDopensuse/leap42.2

▶NVDopensuse_project/leap42.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-x57r-7jqf-5w9p: Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1↗2022-05-14

▶

OSV

CVE-2015-8010: Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1↗2017-03-27

▶

CVEList

CVE-2015-8010: Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1↗2017-03-27

▶