Nagios XI < 2011R3.0 Multiple XSS Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8365
Synopsis
A vulnerable version of Nagios XI has been detected.
Description
Versions of Nagios XI prior to 2011R3.0 are affected by multiple cross-site scripting vulnerabilities because multiple web pages fail to properly sanitize user input.
- A cross-site scripting vulnerability exists in the 'view' parameter of the 'perfgraphs/index.php' script.
- A cross-site scripting vulnerability exists in the 'div' parameter of the 'graphexplorer/visApi.php' script.
- Multiple unspecified cross-site scripting vulnerabilities.
A remote attacker could exploit these vulnerabilities by tricking a user into requesting a maliciously crafted URL, causing script code to be run in the user's browser in the context of the affected site.
Solution
Upgrade to Nagios 2011R3.0 or later.