Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.9 Allows Attack on Admin User

CVE-2019-20139 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.

Learn more about our Cis Benchmark Audit For Apple Ios.