Cross-Site Scripting (XSS) Vulnerability in Nagios Log Server 2.1.3 via /profile and /admin/users pages

Cross-Site Scripting (XSS) Vulnerability in Nagios Log Server 2.1.3 via /profile and /admin/users pages

CVE-2020-6586 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.

Learn more about our Cis Benchmark Audit For Apple Ios.