4 matches found
CVE-2021-25299
Nagios XI version xi-5.7.5 is affected by cross-site scripting XSS. The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session...
Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)
A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2021-25299
creationtimestamp| type| source ---|---|--- 2021-02-15 16:46:42+00:00| seen| https://t.me/cibsecurity/23592 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-25299.yaml...
CVE-2021-25299
Nagios XI 5.7.5 is affected by a cross-site scripting (XSS) vulnerability in /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A malicious URL can steal an admin’s session cookies and may be chained with earlier bugs to achieve one-click remote comm...