QwikSec

Security Database

CVE

CWE

Training

CVE-2020-6586

Published: Mar 16, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.nagios.com/products/nagios-log-server/

x_refsource_MISC

https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60

x_refsource_MISC

https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.