Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.9 Allows Attack on Admin User
CVE-2019-20139 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.
Learn more about our Cis Benchmark Audit For Apple Ios.