CVE Daily

CVE-2019-20139

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or serv...

Medium CVSS 5.4

Overview

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.

CWE: CWE-79 Published: 2019-12-30T15:15:10.767
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.4 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags