CVE-2015-8010 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-8010 Interim 1 12 2024-11-20T03:35:46Z current 2021-05-30T13:34:39Z 2024-11-20T03:35:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-8010 Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-November/004828.html E-Mail link for SUSE-SU-2018:3620-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3Q6N4F4EAYSJ6FNMJTKIZZZLPGW4MV2P/#3Q6N4F4EAYSJ6FNMJTKIZZZLPGW4MV2P E-Mail link for openSUSE-SU-2017:0146-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IYDTKTNW6AJIKWLKJSYIEMSAQGFCFOXH/#IYDTKTNW6AJIKWLKJSYIEMSAQGFCFOXH E-Mail link for openSUSE-SU-2018:3258-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Manager Client Tools 12 icinga-1.13.3-12.3.1 icinga-devel-1.13.3-12.3.1 icinga-doc-1.13.3-12.3.1 icinga-idoutils-1.13.3-12.3.1 icinga-idoutils-mysql-1.13.3-12.3.1 icinga-idoutils-oracle-1.13.3-12.3.1 icinga-idoutils-pgsql-1.13.3-12.3.1 icinga-plugins-downtimes-1.13.3-12.3.1 icinga-plugins-eventhandlers-1.13.3-12.3.1 icinga-www-1.13.3-12.3.1 icinga-www-config-1.13.3-12.3.1 monitoring-tools-1.13.3-12.3.1 icinga-1.13.3-12.3.1 as a component of SUSE Enterprise Storage 4 icinga-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-devel-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-doc-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-mysql-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-oracle-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-idoutils-pgsql-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-plugins-downtimes-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-plugins-eventhandlers-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-www-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 icinga-www-config-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 monitoring-tools-1.13.3-12.3.1 as a component of SUSE Manager Client Tools 12 Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. CVE-2015-8010 SUSE Enterprise Storage 4:icinga-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-devel-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-doc-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-mysql-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-oracle-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-idoutils-pgsql-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-plugins-downtimes-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-plugins-eventhandlers-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-www-1.13.3-12.3.1 SUSE Manager Client Tools 12:icinga-www-config-1.13.3-12.3.1 SUSE Manager Client Tools 12:monitoring-tools-1.13.3-12.3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N