CVE-2011-2477

Name of the Vulnerable Software and Affected Versions Icinga versions prior to 1.4.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via a JavaScript expression. This can be achieved by exploiting the onload attribute of a BODY element, for instance, when it is located after a check-host-alive! sequence. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider enabling the escape html tags option to minimize the risk of exploitation.