Vulnerabilities

CVE-2020-6586

by Fred · 16/03/2020

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.

Date published : 2020-03-16

https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT

https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60

Similar

Tags: Cybersecurity Alert