Detections
Analytics
Nagios XI < 2009R1.3C grab_request_var() Multiple XSS
medium Nessus Plugin ID 49776
Language:
Synopsis
A web application on the remote host has multiple cross-site scripting vulnerabilities.Description
According to its self-reported version, the Nagios XI installation on the remote host has multiple cross-site scripting vulnerabilities.The 'grab_request_var()' function doesn't properly sanitize user input. This affects input to multiple parameters on the 'admin/users.php' page.
A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in arbitrary script code execution.
Solution
Upgrade to Nagios XI 2009R1.3C or later.See Also
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-115/
Plugin Details
Severity: Medium
ID: 49776
File Name: nagiosxi_20100916.nasl
Version: 1.11
Type: remote
Family: CGI abuses : XSS
Published: 10/6/2010
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
Required KB Items: www/nagios_xi
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/16/2010
Vulnerability Publication Date: 9/16/2010
Reference Information
BID: 43294