|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | Nagios XI Alert Cloud Cross-Site Scripting Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A reflected cross-site scripting vulnerability has been reported in Nagios Enterprises Nagios XI 2012 R1.5b and prior. The vulnerability is due to insufficient validation of incoming requests sent to index.php. The vulnerability can be exploited by a remote attacker by enticing the target user to follow a malicious link. Successful exploitation of this vulnerability would allow injection and execution of arbitrary HTML and script code in the target user's browser in the security context of the affected server. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |