Описание
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Ссылки
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2009 (включая)
Одно из
cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.1:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.2:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.3:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.4:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.5:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.6:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.7:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios_xi:2011:r1.8:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00503
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
3 месяца назад
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
EPSS
Процентиль: 66%
0.00503
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79