Reflected XSS in Nagios Log Server Affected by Third-Party Links
CVE-2021-35478

5.4MEDIUM

Key Information:

Vendor

Nagios

Status
Log Server
Vendor
CVE Published:
27 July 2021

What is CVE-2021-35478?

Nagios Log Server versions earlier than 2.1.9 are susceptible to a Reflected XSS vulnerability that affects the dropdown menu within the alert history and audit log features. When users interact with a malicious link or a crafted webpage, it can exploit this vulnerability through manipulated parameters in the filtering options. This behavior could potentially expose sensitive data or allow unauthorized actions within the application.

References

https://www.nagios.com/downloads/nagios-log-server/change...
x_refsource_MISC
https://research.nccgroup.com/?research=Technical%20advis...
x_refsource_MISC
https://research.nccgroup.com/2021/07/22/technical-adviso...
x_refsource_MISC

EPSS Score

55% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.