This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
multiple cross-site scripting vulnerabilities.
The version of Nagios XI hosted on the remote web server fails to
properly sanitize input to multiple web pages:
- A cross-site scripting vulnerability exists in the
'view' parameter of the 'perfgraphs/index.php' script.
- A cross-site scripting vulnerability exists in the 'div'
parameter of the 'graphexplorer/visApi.php' script.
- Multiple unspecified cross-site scripting
An attacker can leverage these issues by enticing a user to follow a
malicious URL, causing attacker-specified script code to run inside
the user's browser in the context of the affected site. Information
harvested this way may aid in launching further attacks.
Upgrade to Nagios XI 2011R3.0 or later.
Risk factor : Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 60099
Bugtraq ID: 54262