Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in their Name field. When any admin views it, the XSS is triggered.
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-16T15:30:57

Updated: 2024-08-04T09:11:04.623Z

Reserved: 2020-01-08T00:00:00

Link: CVE-2020-6586

Vulnrichment

No data.

NVD

Status: Modified

Published: 2020-03-16T16:15:14.517

Modified: 2024-11-21T05:36:00.933

Link: CVE-2020-6586

Redhat

No data.