Vulnerabilities > Nagios > LOG Server > 2.0.7

DATE CVE VULNERABILITY TITLE RISK
2021-07-30 CVE-2021-35478 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function.
network
nagios CWE-79
3.5
3.5
2021-07-30 CVE-2021-35479 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter.
network
nagios CWE-79
3.5
3.5
2021-01-20 CVE-2020-25385 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
network
nagios CWE-79
4.3
4.3
2020-07-30 CVE-2020-16157 Cross-site Scripting vulnerability in Nagios LOG Server
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.
network
low complexity
nagios CWE-79
5.4
5.4
2019-09-03 CVE-2019-15898 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
network
nagios CWE-79
4.3
4.3