Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts
Vulnerability Description
Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to insufficient output encoding (XSS), and (2) cause the server to fetch attacker-specified URLs (SSRF), potentially accessing internal network resources. An unauthenticated remote attacker can leverage these issues to execute script in a user's browser when the exported content is viewed and to disclose sensitive information reachable from the export server via SSRF.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Nagios XI 安全漏洞
Vulnerability Description
Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 5.6.11之前版本存在安全漏洞,该漏洞源于Highcharts本地导出工具存在未经验证的漏洞,可能导致跨站脚本攻击和服务端请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A