HTTP: Nagios Log Server Audit Log And Alert History Reflected Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against Nagios Log Server. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.
Affected Products
Nagios log_server
Short Name
HTTP:XSS:NAGIOS-LGSRVR-XSS
Severity
Warning
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Alert And Audit CVE-2021-35478 Cross-Site History Log Nagios Reflected Scripting Server
Release Date
08/12/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3466
False Positive
Unknown
Vendors
Nagios
CVSS Score
3.5