exploitDog

CVE-2019-20139

Опубликовано: 30 дек. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.

Ссылки

https://code610.blogspot.com/2019/12/multiple-xss-bugs-in-nagios-569.html
Exploit
Third Party Advisory
https://code610.blogspot.com/2019/12/multiple-xss-bugs-in-nagios-569.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:5.6.9:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08324

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vxr3-fcvj-wxgq

github

больше 3 лет назад

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.

EPSS

Процентиль: 92%

0.08324

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79