Nagios XI < 2024R1.1 XSS via Missing Page / 404

Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI domain.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Nagios XI 安全漏洞

Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 2024R1.1之前版本存在安全漏洞，该漏洞源于page-missing.php组件未正确验证或转义用户输入，可能导致跨站脚本攻击。

N/A

N/A