Vulnerability Description
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Log Server | < 2.1.9 |
Related Weaknesses (CWE)
References
- https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflectedExploitThird Party Advisory
- https://research.nccgroup.com/?research=Technical%20advisoriesThird Party Advisory
- https://www.nagios.com/downloads/nagios-log-server/change-log/Vendor Advisory
- https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflectedExploitThird Party Advisory
- https://research.nccgroup.com/?research=Technical%20advisoriesThird Party Advisory
- https://www.nagios.com/downloads/nagios-log-server/change-log/Vendor Advisory
FAQ
What is CVE-2021-35479?
CVE-2021-35479 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link ...
How severe is CVE-2021-35479?
CVE-2021-35479 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35479?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Log Server.