QwikSec

Security Database

CVE

CWE

Training

CVE-2021-25299

Published: Feb 15, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://nagios.com

x_refsource_MISC

https://assets.nagios.com/downloads/nagiosxi/versions.php

x_refsource_MISC

https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md

x_refsource_MISC

http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.