{"vuid":"VU#268662","idnumber":"268662","name":"NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability","keywords":["NagiosQL","XSS","cross-site scripting","CWE-79"],"overview":"NagiosQL 3.2 Service Pack 2 and possibly earlier versions contain a reflected cross-site scripting vulnerability (CWE-79).","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') NagiosQL 3.2 Service Pack 2 and possibly earlier versions contain a reflected cross-site scripting vulnerability. An attacker can inject arbitrary HTML content (including script) via the vulnerable txtSearch parameter.","impact":"A remote unauthenticated attacker can conduct a cross-site scripting attack, which may be used to result in information leakage, privilege escalation, and/or denial of service.","resolution":"Apply an Update NagiosQL has advised users to apply a security hotfix to address this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to William Costa for reporting this vulnerability.","author":"This document was written by Adam Rauf.","public":["http://cwe.mitre.org/data/definitions/79.html","http://www.nagiosql.org/","http://www.nagiosql.org/forum8/solved-issues/3270-security-hotfix-for-nagiosql-3-2-sp2.html#3690"],"cveids":["CVE-2013-6039"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-11-01T12:52:17Z","publicdate":"2013-12-03T00:00:00Z","datefirstpublished":"2013-12-05T19:37:57Z","dateupdated":"2014-07-24T22:58:44Z","revision":19,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","cvss_temporalscore":"3.4","cvss_environmentalscore":"0.84096704034","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}