CVE-2025-29471

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions 2024R1.3.1 and earlier

Description A Cross Site Scripting vulnerability in Nagios Log Server allows a remote attacker to execute arbitrary code via a payload into the Email field. This issue can be exploited by injecting malicious code into the email field, potentially leading to unauthorized access or data breaches. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Nagios Log Server version 2024R1.3.1 and earlier, upgrade to version 2024R2 or 2024R1.3.2 to fix the issue. As a temporary workaround, consider restricting access to the email field to minimize the risk of exploitation. Avoid using the Email field in the affected version until the issue is resolved.