Описание
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
Ссылки
- Product
- Third Party Advisory
- Vendor Advisory
- Product
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
Уязвимость компонента Custom Logo («Пользовательский логотип») инструмента для мониторинга Nagios XI, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
5.4 Medium
CVSS3