Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nagios XI < 2009R1.3C Multiple XSS Vulnerabilities

Medium

Synopsis

A vulnerable version of Nagios XI has been detected.

Description

Versions of Nagios XI prior to 2009R1.3C are affected by multiple cross-site scripting vulnerabilities due to the 'grab_request_var()' function's failure to properly sanitize user input. This affects multiple parameters on the 'admin/users.php' page. A remote attacker could exploit these vulnerabilities by tricking a user into requesting a maliciously crafted URL, resulting in arbitrary code execution.

Solution

Upgrade to Nagios 2009R1.3C or later.