Vulnerability Details CVE-2020-6586
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.073
EPSS Ranking 91.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT
- https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60
- https://www.nagios.com/products/nagios-log-server/
- https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT
- https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60
- https://www.nagios.com/products/nagios-log-server/