Nagios XI v5.7.5 XSS in sshterm.php allows RCE via crafted UR

Title | Published | Views | Family |
---|---|---|---|
CVE-2021-25299 | 15 Feb 2021 12:32 | – | cvelist |
Nagios XI 5.7.5 - Cross-Site Scripting | 21 Feb 2023 08:44 | – | nuclei |
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2021-11074) | 19 Feb 2021 00:00 | – | cnvd |
Cross site scripting | 15 Feb 2021 13:15 | – | prion |
CVE-2021-25299 | 15 Feb 2021 13:15 | – | nvd |
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299) | 18 Feb 2021 00:00 | – | checkpoint_advisories |
Nagios XI 5.7.5 Remote Code Execution Exploit | 26 Feb 2021 00:00 | – | zdt |
Nagios XI 5.7.5 Remote Code Execution | 26 Feb 2021 00:00 | – | packetstorm |

Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
url | query param | /nagiosxi/admin/sshterm.php | Cross-Site Scripting (XSS) vulnerability due to improper sanitization of the 'url' parameter. | CWE-79 |
plugin_output_len | query param | /nagiosxi/config/monitoringwizard.php | Command injection vulnerability due to unsanitized input in 'plugin_output_len'. | CWE-77 |
ip_address | query param | /nagiosxi/config/monitoringwizard.php | Command injection vulnerability due to unsanitized input in 'ip_address'. | CWE-77 |
ip_address | query param | /nagiosxi/config/monitoringwizard.php | Command injection vulnerability due to unsanitized input in 'ip_address'. | CWE-77 |