CVE-2019-20139

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
nagiosnagios_xi
5.6.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://code610.blogspot.com/2019/12/multiple-xss-bugs-in-nagios-569.html
https://code610.blogspot.com/2019/12/multiple-xss-bugs-in-nagios-569.html