What is the vulnerability ID of this Nagios NCPA vulnerability?

The vulnerability ID is CVE-2021-4285.

What is the severity of CVE-2021-4285?

The severity of CVE-2021-4285 is medium with a CVSS score of 6.1.

How does CVE-2021-4285 affect Nagios NCPA?

CVE-2021-4285 affects Nagios NCPA by allowing remote attackers to initiate a cross-site scripting attack through the manipulation of the 'name' argument in the 'tail.html' file.

What is the recommended solution for CVE-2021-4285?

To mitigate CVE-2021-4285, it is recommended to upgrade to version 2.4.0 of Nagios NCPA.

What is the Common Weakness Enumeration (CWE) associated with CVE-2021-4285?

The CWE associated with CVE-2021-4285 is CWE-79 (Cross-Site Scripting).

Vulnerability/
CVE-2021-4285

medium

6.1

CWE

27/12/2022

3/8/2024

CVE-2021-4285: Nagios NCPA tail.html cross site scripting

First published: Tue Dec 27 2022(Updated: )

A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. The name of the patch is 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5. It is recommended to upgrade the affected component. VDB-216874 is the identifier assigned to this vulnerability.

Credit: cna@vuldb.com cna@vuldb.com

Affected Software	Affected Version	How to fix
Nagios Nagios Cross Platform Agent	<2.4.0
	<2.4.0

Remedy

https://github.com/NagiosEnterprises/ncpa/commit/5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5

Remedy

https://github.com/NagiosEnterprises/ncpa/pull/834

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this Nagios NCPA vulnerability?
The vulnerability ID is CVE-2021-4285.
What is the severity of CVE-2021-4285?
The severity of CVE-2021-4285 is medium with a CVSS score of 6.1.
How does CVE-2021-4285 affect Nagios NCPA?
CVE-2021-4285 affects Nagios NCPA by allowing remote attackers to initiate a cross-site scripting attack through the manipulation of the 'name' argument in the 'tail.html' file.
What is the recommended solution for CVE-2021-4285?
To mitigate CVE-2021-4285, it is recommended to upgrade to version 2.4.0 of Nagios NCPA.
What is the Common Weakness Enumeration (CWE) associated with CVE-2021-4285?
The CWE associated with CVE-2021-4285 is CWE-79 (Cross-Site Scripting).

collector/nvd-index
agent/type
agent/remedy
agent/author
agent/references
agent/weakness
agent/description
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/title
agent/tags
agent/event
agent/first-publish-date
vendor/nagios
canonical/nagios nagios cross platform agent

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.