3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.6%
# Exploit Title: Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting
# Date: 2020-08-07
# Vendor Homepage: https://www.nagios.com/products/nagios-log-server/
# Vendor Changelog: https://www.nagios.com/downloads/nagios-log-server/change-log/
# Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)
# Author Advisory: https://www.getastra.com/blog/911/stored-xss-vulnerability-nagios-log-server/
# Author Homepage: https://www.jinsonvarghese.com
# Version: 2.1.6 and below
# CVE : CVE-2020-16157
1. Description
Nagios Log Server is a popular Centralized Log Management, Monitoring, and Analysis software that allows organizations to view, sort, and configure logs. Version 2.1.6 of the application was found to be vulnerable to Stored XSS. An attacker (in this case, an authenticated regular user) can use this vulnerability to execute malicious JavaScript aimed to steal cookies, redirect users, perform arbitrary actions on the victimβs (in this case, an adminβs) behalf, logging their keystroke and more.
2. Vulnerability
The "Full Name" and "Username" fields in the /profile page or /admin/users/create page are vulnerable to Stored XSS. Once a payload is saved in one of these fields, navigate to the Alerting page (/alerts) and create a new alert and select Email Users as the Notification Method. As the user list is shown, it can be seen that the payload gets executed.
3. Timeline
Vulnerability reported to the Nagios team β July 08, 2020
Nagios Log Server 2.1.7 containing the fix to the vulnerability released β July 28, 2020
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.9 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.6%