CVE-2019-15898
MEDIUMNagios Log Server < 2.0.8 - Reflected Cross-Site Scripting via Login Page Username
Title source: llmDescription
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/lucaottoni/reflectedxss_nagios/blob/master/README.md
Vendor Advisory x_refsource_misc
https://www.nagios.com/downloads/nagios-log-server/change-log/
Scores
CVSS v3
6.1
EPSS
0.0383
EPSS Percentile
88.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
nagios/log_server
< 2.0.8
Published
Sep 03, 2019
Tracked Since
Feb 18, 2026