Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34323 | 1 Nagios | 1 Log Server | 2026-02-26 | 7.8 High |
| Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to '/usr/local/nagioslogserver/scripts', while several scripts in this directory are owned by root and may be executed via sudo without a password. A local attacker running as 'www-data' can move one of these root-owned scripts to a backup name and create a replacement script with attacker-controlled content at the original path, then invoke it with sudo. This allows arbitrary commands to be executed with root privileges, providing full compromise of the underlying operating system. | ||||
| CVE-2025-29471 | 1 Nagios | 1 Log Server | 2025-04-23 | 8.3 High |
| Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field. | ||||
| CVE-2021-35479 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. | ||||
| CVE-2021-35478 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page. | ||||
| CVE-2020-25385 | 1 Nagios | 1 Log Server | 2024-11-21 | 6.1 Medium |
| Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. | ||||
| CVE-2020-16157 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu. | ||||
| CVE-2019-15898 | 1 Nagios | 1 Log Server | 2024-11-21 | N/A |
| Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | ||||
Page 1 of 1.