CVE-2013-10074

Nagios XI versions prior to2012R2.6are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
nagiosnagios_xi
𝑥
< 2012
nagiosnagios_xi
2012r1.6:r1.6
nagiosnagios_xi
2012r1.7:r1.7
nagiosnagios_xi
2012r1.8:r1.8
nagiosnagios_xi
2012r1.9:r1.9
nagiosnagios_xi
2012r2.0:r2.0
nagiosnagios_xi
2012r2.1:r2.1
nagiosnagios_xi
2012r2.2:r2.2
nagiosnagios_xi
2012r2.3:r2.3
nagiosnagios_xi
2012r2.4:r2.4
nagiosnagios_xi
2012r2.4:r2.4
nagiosnagios_xi
2012r2.5:r2.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.nagios.com/changelog/nagios-xi/
https://www.vulncheck.com/advisories/nagios-xi-xss-via-tools-menu