← volver
CVE-2024-13992

Nagios XI < 2024R1.1 XSS via Missing Page / 404

CVSS 5.1 MEDIUMEPSS 0.5%CWE-79
Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI domain.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Productos afectados
Nagios · XI

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.nagios.com/changelog/nagios-xi/2024r1-1/https://www.nagios.com/products/security/#nagios-xihttps://www.vulncheck.com/advisories/nagios-xi-xss-via-missing-page