Nagios NCPA XSS in tail.html via arg name, remote exploit, fixed in 2.4.0
CVE-2021-4285 Published on December 27, 2022
Nagios NCPA tail.html cross site scripting
A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. The name of the patch is 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5. It is recommended to upgrade the affected component. VDB-216874 is the identifier assigned to this vulnerability.
Timeline
Advisory disclosed
VulDB entry created
VulDB last update
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2021-4285 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2021-4285
Want to know whenever a new CVE is published for Nagios Cross Platform Agent? stack.watch will email you.
Affected Versions
Nagios NCPA Version n/a is affected by CVE-2021-4285Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.