mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 17:51:17 +00:00
28 lines
946 B
JSON
28 lines
946 B
JSON
|
{
|
||
|
|
"id": "CVE-2023-40932",
|
||
|
|
"sourceIdentifier": "cve@mitre.org",
|
||
|
|
"published": "2023-09-19T23:15:10.237",
|
||
|
|
"lastModified": "2023-09-19T23:15:10.237",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "http://nagios.com",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://www.nagios.com/products/security/",
|
||
|
|
"source": "cve@mitre.org"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|