Nagios XI 'users.php' Multiple Cross-Site Scripting Vulnerabilities

Published: 2010-09-20 13:31:27

CVSS Base Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Recommendations:
Updates are available. Please see the references for more information.

Summary:
Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

Impact:
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Affected Versions:
Nagios XI 2009R1.3B is vulnerable; prior versions may also be affected.

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/43294

References:

https://www.securityfocus.com/bid/43294
http://secunia.com/secunia_research/2010-115/
http://assets.nagios.com/downloads/nagiosxi/CHANGES.TXT
http://www.nagios.com/products/nagiosxi

Severity:
Low

CVSS Score:
2.6
