CVE-2021-35479 - Vulnerability Details - OpenCVE

Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nagios	Log Server

Configuration 1 [-]

cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/
https://research.nccgroup.com/?research=Technical%20advisories
https://www.nagios.com/downloads/nagios-log-server/change-log/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-27T11:47:41

Updated: 2024-08-04T00:40:46.745Z

Reserved: 2021-06-24T00:00:00

Link: CVE-2021-35479

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-07-30T14:15:17.943

Modified: 2024-11-21T06:12:21.313

Link: CVE-2021-35479

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-27T11:47:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.nagios.com/downloads/nagios-log-server/change-log/"}, {"tags": ["x_refsource_MISC"], "url": "https://research.nccgroup.com/?research=Technical%20advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-35479", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.nagios.com/downloads/nagios-log-server/change-log/", "refsource": "MISC", "url": "https://www.nagios.com/downloads/nagios-log-server/change-log/"}, {"name": "https://research.nccgroup.com/?research=Technical%20advisories", "refsource": "MISC", "url": "https://research.nccgroup.com/?research=Technical%20advisories"}, {"name": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/", "refsource": "MISC", "url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:40:46.745Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nagios.com/downloads/nagios-log-server/change-log/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.nccgroup.com/?research=Technical%20advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-35479", "datePublished": "2021-07-27T11:47:41", "dateReserved": "2021-06-24T00:00:00", "dateUpdated": "2024-08-04T00:40:46.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0080172-D0FB-4488-A74D-58DAC7DCFB20", "versionEndExcluding": "2.1.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page."}, {"lang": "es", "value": "Nagios Log Server versiones anteriores a 2.1.9 contiene una vulnerabilidad de tipo XSS almacenado en la visualizaci\u00f3n de columna personalizada para la funci\u00f3n alert history and audit log a trav\u00e9s del par\u00e1metro affected pp. Esto afecta a usuarios que abren un enlace dise\u00f1ado o una p\u00e1gina web de terceros"}], "id": "CVE-2021-35479", "lastModified": "2024-11-21T06:12:21.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-30T14:15:17.943", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://research.nccgroup.com/?research=Technical%20advisories"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.nagios.com/downloads/nagios-log-server/change-log/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vulnerability-in-nagios-log-server-cve-2021-35478cve-2021-35479/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://research.nccgroup.com/?research=Technical%20advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.nagios.com/downloads/nagios-log-server/change-log/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}