Stored XSS Vulnerability in Nagios Log Server by Nagios
CVE-2021-35479

5.4MEDIUM

Key Information:

Vendor

Nagios

Status
Log Server
Vendor
CVE Published:
27 July 2021

What is CVE-2021-35479?

Nagios Log Server versions prior to 2.1.9 are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This issue arises from improper handling of the custom column view in the alert history and audit log features. When a user interacts with a crafted link or a malicious third-party web page, it can trigger the injection of malicious scripts. Attackers can exploit this vulnerability to execute scripts in the context of the user's session, potentially allowing them to steal sensitive information or perform unauthorized actions. Users and administrators are advised to upgrade to the latest version to mitigate this risk.

References

https://www.nagios.com/downloads/nagios-log-server/change...
x_refsource_MISC
https://research.nccgroup.com/?research=Technical%20advis...
x_refsource_MISC
https://research.nccgroup.com/2021/07/22/technical-adviso...
x_refsource_MISC

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.