PT-2025-44493 · Nagios · Nagios Log Server
Ariane Blow
·
Published
2023-03-22
·
Updated
2025-10-30
·
CVE-2023-7321
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2.1.14
Description
Nagios Log Server is affected by a cross-site scripting (XSS) issue through the Snapshots Page. The application does not properly encode untrusted log content before displaying it, which allows attacker-controlled data within logs to execute scripts in a user's browser within the application's origin.
Recommendations
Update Nagios Log Server to version 2.1.14 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Log Server