Nagios · Nagios Log Server · CVE-2023-7321
**Name of the Vulnerable Software and Affected Versions**
Nagios Log Server versions prior to 2.1.14
**Description**
Nagios Log Server is affected by a cross-site scripting (XSS) issue through the Snapshots Page. The application does not properly encode untrusted log content before displaying it, which allows attacker-controlled data within logs to execute scripts in a user's browser within the application's origin.
**Recommendations**
Update Nagios Log Server to version 2.1.14 or later.