QwikSec

Security Database

CVE

CWE

Training

CVE-2020-36858

Published: Oct 30, 2025

Modified: Nov 17, 2025

PUBLISHED

Description

Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Vendor	Product	Versions
Nagios	Log Server	affected `0 - < 2.1.6`

Weaknesses (CWE)

References

https://www.nagios.com/changelog/nagios-log-server-2024r1/

release-notes

patch

https://www.vulncheck.com/advisories/nagios-log-server-xss-via-create-user-edit-user-and-manage-host-lists-pages

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.