Описание
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Ссылки
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Уязвимость модуля Business Process Intelligence (BPI) инструмента для мониторинга ИТ-инфраструктуры Nagios XI, позволяющая нарушителю выполнить произвольный код
EPSS
5.4 Medium
CVSS3