{"id":"UBUNTU-CVE-2015-8010","details":"Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.","modified":"2025-10-24T04:45:29Z","published":"2017-03-27T17:59:00Z","upstream":["CVE-2015-8010"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8010"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2015/10/23/15"},{"type":"REPORT","url":"https://dev.icinga.org/issues/10453"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-8010"}],"affected":[{"package":{"name":"icinga","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/icinga@1.13.3-2ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.13.3-1","1.13.3-2","1.13.3-2ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"icinga","binary_version":"1.13.3-2ubuntu0.1"},{"binary_name":"icinga-cgi","binary_version":"1.13.3-2ubuntu0.1"},{"binary_name":"icinga-cgi-bin","binary_version":"1.13.3-2ubuntu0.1"},{"binary_name":"icinga-common","binary_version":"1.13.3-2ubuntu0.1"},{"binary_name":"icinga-core","binary_version":"1.13.3-2ubuntu0.1"},{"binary_name":"icinga-idoutils","binary_version":"1.13.3-2ubuntu0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8010.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}