Package: nagios2
Version: 2.6-3
Tags: security
Severity: important

The Nagios web front end does not HTML-escape status strings reported
by monitored services.  As a result, these services can perform the
usual cross-site scripting attacks, or worse, compromise the browser
and gain access to the management network.

(I don't think this bug should be RC for etch, hence the severity.)

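The missing output-encoding step described in the report, as an added example in C. This is not code from Nagios or from the reporter; the names html_escape and entity_for and the sample status string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return the HTML entity for c, or NULL if c needs no escaping. */
static const char *entity_for(char c)
{
    switch (c) {
    case '&':  return "&amp;";
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/* Escape `in` into `out` (capacity outsz bytes, including the NUL).
 * Returns 0 on success, -1 if the result does not fit. On failure `out`
 * is left empty, so a caller never emits a cut-off entity or raw text. */
int html_escape(const char *in, char *out, size_t outsz)
{
    size_t used = 0;

    if (outsz == 0)
        return -1;
    for (; *in; in++) {
        const char *ent = entity_for(*in);
        size_t n = ent ? strlen(ent) : 1;

        if (used + n + 1 > outsz) {   /* +1 keeps room for the NUL */
            out[0] = '\0';
            return -1;
        }
        if (ent)
            memcpy(out + used, ent, n);
        else
            out[used] = *in;
        used += n;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed status string, standing in for plugin output. */
    const char *status = "DISK WARNING <b>/tmp</b> \"95%\" & rising";
    char safe[256];

    if (html_escape(status, safe, sizeof safe) == 0)
        printf("<td>%s</td>\n", safe);   /* markup arrives as inert text */
    return 0;
}
```

Escaping belongs at the point where the status string is written into the page, since the string itself is controlled by the monitored service.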