Описание
Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF), potentially accessing internal network resources. An unauthenticated remote attacker can leverage these issues to execute script in a user's browser when the exported content is viewed and to disclose sensitive information reachable from the export server via SSRF.
Ссылки
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF), potentially accessing internal network resources. An unauthenticated remote attacker can leverage these issues to execute script in a user's browser when the exported content is viewed and to disclose sensitive information reachable from the export server via SSRF.
Уязвимость библиотеки для построения диаграмм Highcharts инструмента для мониторинга Nagios XI, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)
EPSS
6.1 Medium
CVSS3