Nagios XI 'users.php' Multiple Cross-Site Scripting Vulnerabilities Network Vulnerability

Summary

Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Nagios XI 2009R1.3B is vulnerable prior versions may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://assets.nagios.com/downloads/nagiosxi/CHANGES.TXT
http://secunia.com/secunia_research/2010-115/
http://www.nagios.com/products/nagiosxi
https://www.securityfocus.com/bid/43294

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

NetSaro Enterprise Messenger Cross Site Scripting and HTML Injection Vulnerabilities
Oracle 9iAS SOAP configuration file retrieval
Google Chrome Information Disclosure Vulnerability
Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
Microsoft Internet Explorer Information Disclosure Vulnerability

Take action and discover your vulnerabilities