PT-2013-5935 · Nagios · Nagiosql
William Costa · Published 2013-12-09 · Updated 2024-02-14 · CVE-2013-6039
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
NagiosQL version 3.2 SP2
Description
The issue is related to multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to various pages, including 'admin/hostdependencies.php' and 'admin/hosts.php', which utilize the search functionality in 'functions/content_class.php'.

Recommendations
For NagiosQL version 3.2 SP2, consider restricting access to the search functionality in 'functions/content_class.php' until a patch is available. Avoid using the txtSearch parameter in affected API endpoints, such as 'admin/hostdependencies.php' and 'admin/hosts.php', to minimize the risk of exploitation.

Fix
XSS
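
A review check for the parameter and pages named in the description, as an added example (not NagiosQL code and not a vendor patch): it flags requests whose txtSearch value carries HTML metacharacters after URL decoding. The `/nagiosql/` prefix, the sample requests and the function name are constructed for illustration, and it assumes the query string or form body of each request is available to inspect.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages named in the advisory; it says other pages use the same search
# code, so extend this tuple for a real deployment.
AFFECTED_PAGES = ("admin/hostdependencies.php", "admin/hosts.php")

# Characters needed to leave HTML text or a quoted attribute value.
HTML_META = re.compile(r"[<>\"'`]")


def suspicious_search(url, body=""):
    """Return decoded txtSearch values that contain HTML metacharacters.

    url  -- request target as logged by the web server or a proxy
    body -- application/x-www-form-urlencoded POST body, if captured
    """
    parts = urlsplit(url)
    if not parts.path.endswith(AFFECTED_PAGES):
        return []
    values = []
    for source in (parts.query, body):
        # parse_qs percent-decodes once; double-encoded input is not unwrapped.
        values += parse_qs(source, keep_blank_values=True).get("txtSearch", [])
    return [v for v in values if HTML_META.search(v)]


# Constructed sample requests (harmless markup only), not taken from real logs.
SAMPLES = [
    ("/nagiosql/admin/hosts.php?txtSearch=web01", ""),
    ("/nagiosql/admin/hosts.php?txtSearch=%3Cb%3Ex%3C%2Fb%3E", ""),
    ("/nagiosql/admin/hostdependencies.php", "txtSearch=%22%3E%3Ci%3Ey&other=1"),
    ("/nagiosql/admin/other.php?txtSearch=%3Cb%3E", ""),  # page not in the list
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        hits = suspicious_search(url, body)
        print("FLAG" if hits else "ok  ", url, hits)
```

Legitimate search terms that contain quotes will also be flagged, so treat hits as items to review rather than confirmed injection attempts.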
Affected Products
Nagiosql