Security News > 2025 > April > Critical flaws fixed in Nagios Log Server

Critical flaws fixed in Nagios Log Server
2025-04-15 10:41

The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The vulnerabilities, discovered and reported by security researchers Seth Kraft and Alex Tisdale, include: 1. A stored XSS vulnerability (CVE-2025-29471) in the web interface of Nagios Log Server that allows a standard (low-privilege) user to inject a malicious JavaScript payload into their profile’s ’email’ field to achieve privilege escalation. “When an administrator … More → The post Critical flaws fixed in Nagios Log Server appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/04/15/critical-flaws-fixed-in-nagios-log-server/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-04-15 CVE-2025-29471 Unspecified vulnerability in Nagios LOG Server 2024
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nagios 15 0 62 51 34 147