Reflected Cross-Site Scripting Vulnerability in Nagios XI by Nagios, Inc.
CVE-2021-33179

6.1MEDIUM

Key Information:

Vendor: Nagios
Status: Nagios Xi
Vendor: CVE Published:; 14 October 2021

What is CVE-2021-33179?

The user interface of Nagios XI versions earlier than 5.8.4 is exposed to a reflected cross-site scripting vulnerability. This allows an attacker to craft a malicious URL that, when accessed by an authenticated user, will execute a payload without their knowledge. This type of vulnerability poses significant risks as it can lead to unauthorized actions or data exposure in the context of the authenticated user.

Affected Version(s)

Nagios XI <5.8.4

References

https://www.synopsys.com/blogs/software-security/cyrc-adv...

x_refsource_MISC

EPSS Score

57% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2021
Vulnerability Reserved
May 18, 2021