mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 19:16:22 +00:00
869 B
869 B
CVE-2020-6586
Description
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
POC
Reference
- https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60
- https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60
Github
No PoCs found on GitHub currently.