CVE-2020-16157

MEDIUM

Nagios Log Server < 2.1.7 - Stored Cross-Site Scripting via Email Users Notification Menu

Title source: llm
STIX 2.1

Description

A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.

References (4)

Core 4
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.nagios.com/downloads/nagios-log-server/change-log/
Broken Link, Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/158992/Nagios-Log-Server-2.1.6-Cross-Site-Scripting.html

Scores

CVSS v3 5.4
EPSS 0.0657
EPSS Percentile 91.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
nagios/log_server < 2.1.7
Published Jul 30, 2020
Tracked Since Feb 18, 2026