Self Authenticated XSS in Nagios Network Analyzer by Nagios
CVE-2021-28924
6.1 MEDIUM
What is CVE-2021-28924?
A self-authenticated cross-site scripting (XSS) vulnerability exists in Nagios Network Analyzer versions before 2.4.2. This issue allows an authenticated user to inject malicious scripts through the nagiosna/groups/queries page, potentially compromising user session data and leading to unauthorized access to sensitive information. Administrators are advised to update to the latest version to mitigate this risk.
EPSS Score
66% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved