← back
CVE-2020-6586

CVE-2020-6586

EPSS 27.3%
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXThttps://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60https://www.nagios.com/products/nagios-log-server/