Cross-Site Scripting in Nagios Core Affects Multiple Versions from Nagios Enterprises
CVE-2018-18245

5.4MEDIUM

Key Information:

Vendor

Nagios

Status
Nagios Core
Vendor
CVE Published:
17 December 2018

What is CVE-2018-18245?

Nagios Core version 4.4.2 is susceptible to a Cross-Site Scripting vulnerability through the alert summary reports generated by plugin results. An attacker can exploit this vulnerability by leveraging a modified check_load plugin, injecting a SCRIPT element, which may be executed in the context of the user's browser. This can lead to unauthorized actions being carried out on behalf of the user or exposure of sensitive information.

References

https://lists.debian.org/debian-lts-announce/2018/12/msg0...
mailing-listx_refsource_MLIST
https://herolab.usd.de/wp-content/uploads/sites/4/2018/12...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.