Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers

Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI origin. The issue is observable under legacy browser behaviors; modern browsers may mitigate some vectors.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Nagios XI 安全漏洞

Nagios XI是美国Nagios公司的一套IT基础设施监控解决方案。该方案支持对应用、服务、操作系统等进行监控和预警。 Nagios XI 2024R1.1.2之前版本存在安全漏洞，该漏洞源于登录页面对用户输入验证和转义不足，可能导致反射型跨站脚本攻击。

N/A

N/A