PT-2025-44537 · Nagios · Nagios Log Server

Published 2016-07-22 · Updated 2025-10-30 · CVE-2016-15049

CVSS v2.0

7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Nagios Log Server versions prior to 1.4.2

Description

A flaw exists in the Nagios Log Server monitoring and log analysis software’s dashboard due to insufficient protection of the web page structure when viewing log entries. This can allow a remote attacker to conduct cross-site scripting (XSS) attacks. The issue occurs in the Dashboards section when rendering log entries in the Logs table, where untrusted log content is not safely encoded for output, enabling attacker-controlled data within logs to execute script in the victim’s browser within the application origin.

Recommendations

Update to version 1.4.2 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-15430
CVE-2016-15049

Affected Products

Nagios Log Server