Описание
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Ссылки
- Release Notes
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Уязвимость компонента Executive Summary Report инструмента для мониторинга ИТ-инфраструктуры Nagios XI, позволяющая нарушителю выполнить произвольный код
EPSS
5.4 Medium
CVSS3