Vulnerability Details CVE-2021-35478
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.556
EPSS Ranking 97.9%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/
- https://research.nccgroup.com/?research=Technical%20advisories
- https://www.nagios.com/downloads/nagios-log-server/change-log/
- https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/
- https://research.nccgroup.com/?research=Technical%20advisories
- https://www.nagios.com/downloads/nagios-log-server/change-log/
Products affected by CVE-2021-35478
-
cpe:2.3:a:nagios:log_server:-
-
cpe:2.3:a:nagios:log_server:1.3.0
-
cpe:2.3:a:nagios:log_server:1.4.0
-
cpe:2.3:a:nagios:log_server:1.4.1
-
cpe:2.3:a:nagios:log_server:1.4.2
-
cpe:2.3:a:nagios:log_server:1.4.3
-
cpe:2.3:a:nagios:log_server:1.4.4
-
cpe:2.3:a:nagios:log_server:2.0.0
-
cpe:2.3:a:nagios:log_server:2.0.1
-
cpe:2.3:a:nagios:log_server:2.0.2
-
cpe:2.3:a:nagios:log_server:2.0.3
-
cpe:2.3:a:nagios:log_server:2.0.4
-
cpe:2.3:a:nagios:log_server:2.0.5
-
cpe:2.3:a:nagios:log_server:2.0.6
-
cpe:2.3:a:nagios:log_server:2.0.7
-
cpe:2.3:a:nagios:log_server:2.0.8
-
cpe:2.3:a:nagios:log_server:2.1.6
-
cpe:2.3:a:nagios:log_server:2.1.7
-
cpe:2.3:a:nagios:log_server:2.1.8