4 matches found
CVE-2021-47698
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting XSS via the Core UI’s Views URL handling escapestring. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
CVE-2021-47698
Summary: CVE-2021-47698 affects Nagios XI versions prior to 5.8.7 that embed Nagios Core. The vulnerability is a cross-site scripting (XSS) flaw in the Core UI Views URL handling (escape_string()), caused by insufficient validation/escaping of user-supplied input. Impact per sources: could allow ...
CVE-2021-47698 Nagios XI < 5.8.7 XSS in Core UI Views URL handling
Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting XSS via the Core UI’s Views URL handling escapestring. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
EUVD-2021-34701
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting XSS via the Views feature URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...