ID AKB:E0D18527-BFC2-4116-87D8-040CC4D96BC8
Type attackerkb
Reporter AttackerKB
Modified 2021-08-07T00:00:00


Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.

Recent assessments:

NinjaOperator at July 23, 2021 9:42pm UTC reported:

Stored and Reflected XSS Vulnerability in Nagios Log Server. Actors could execute malicious JavaScript on targets machines such as stealing cookies or redirecting users.
PoC is publicly available

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0