Nagios Log Server Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Nagios Log Server versions prior to 2024R1. This issue allows an attacker to inject a username containing JavaScript, which is then stored and later displayed without proper encoding or escaping on admin or user-facing pages. When an authenticated user accesses the affected page, the injected script is executed in their browser context.
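The flaw class described above, shown as an added example that is not Nagios Log Server code: a stored username rendered as-is next to the same value output-encoded at render time, plus a check that lists stored names an unencoded template would interpret as markup. The function names and the sample usernames are constructed for illustration.

```python
import html

# Constructed sample of stored account names (not taken from any real system).
STORED_USERNAMES = [
    "alice",
    "ops-oncall_2",
    "<script>alert(1)</script>",
    'bob" onmouseover="alert(1)',
    "O'Brien",
]


def render_row_unsafe(username: str) -> str:
    """The flawed pattern: the stored value is concatenated into markup as-is."""
    return f'<td title="{username}">{username}</td>'


def render_row_encoded(username: str) -> str:
    """Output encoding at render time. quote=True also encodes " and ',
    so the value is inert in attribute context as well as in element text."""
    safe = html.escape(username, quote=True)
    return f'<td title="{safe}">{safe}</td>'


def audit_usernames(usernames):
    """Return stored names whose encoded form differs from the raw form,
    i.e. names containing characters an unencoded template treats as markup.
    A hit is a candidate for review, not proof of abuse (see "O'Brien")."""
    return [u for u in usernames if html.escape(u, quote=True) != u]


if __name__ == "__main__":
    for name in audit_usernames(STORED_USERNAMES):
        print("review:", repr(name))
        print("  unencoded:", render_row_unsafe(name))
        print("  encoded:  ", render_row_encoded(name))
```

Encoding at output, rather than only filtering at input, also neutralizes values that were stored before a fix was deployed.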

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.

Remediation

Users are advised to upgrade to Nagios Log Server version 2024R1 or above.

Added: Oct 30, 2025, 10:38 PM
Updated: Oct 30, 2025, 10:38 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 1.7
exploitability: 5.0
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.