Description
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
References
- Release Notes, Vendor Advisory
- Product
- Release Notes, Vendor Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:nagios:nagios:2.1.3:*:*:*:*:*:*:*
EPSS
Percentile: 91%
0.07329
Low
5.4 Medium
CVSS3
3.5 Low
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
github
more than 3 years ago
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
EPSS
Percentile: 91%
0.07329
Low
5.4 Medium
CVSS3
3.5 Low
CVSS2
Weaknesses
CWE-79