CVE-2021-35479: XSS
First published: Tue Jul 27 2021(Updated: )
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Log Server | <2.1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Nagios Log Server?
The vulnerability ID for Nagios Log Server is CVE-2021-35479.
What is the severity level of CVE-2021-35479?
The severity level of CVE-2021-35479 is medium with a severity value of 5.4.
How does CVE-2021-35479 impact Nagios Log Server?
CVE-2021-35479 allows for Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter.
How can the vulnerability in Nagios Log Server be exploited?
The vulnerability in Nagios Log Server can be exploited by opening a crafted link or third-party web page.
Where can I find more information about CVE-2021-35479 and Nagios Log Server?
You can find more information about CVE-2021-35479 and Nagios Log Server at the following references: [Link 1](https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/), [Link 2](https://research.nccgroup.com/?research=Technical%20advisories), [Link 3](https://www.nagios.com/downloads/nagios-log-server/change-log/).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios log server