Vulnerability Description
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Log Server | < 2.1.9 |
Related Weaknesses (CWE)
References
- https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflectedExploitThird Party Advisory
- https://research.nccgroup.com/?research=Technical%20advisoriesThird Party Advisory
- https://www.nagios.com/downloads/nagios-log-server/change-log/Release NotesVendor Advisory
- https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflectedExploitThird Party Advisory
- https://research.nccgroup.com/?research=Technical%20advisoriesThird Party Advisory
- https://www.nagios.com/downloads/nagios-log-server/change-log/Release NotesVendor Advisory
FAQ
What is CVE-2021-35478?
CVE-2021-35478 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a cr...
How severe is CVE-2021-35478?
CVE-2021-35478 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35478?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Log Server.