CVE-2025-29471

HIGH

Nagios Log Server 2024R1.3.1 - Cross-Site Scripting via Email Field


Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-29471. PoCs published by Seth Kraft and skraft9.

AI-analyzed exploit summary

This exploit demonstrates a stored XSS vulnerability in Nagios Log Server, allowing a low-privileged user to inject malicious JavaScript into their profile's email field. When an administrator views the audit logs, the script executes, creating a new admin account via CSRF token extraction and a POST request to the user creation endpoint.

Description

Cross-Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload injected into the Email field.

Exploits (2)

exploitdb · WORKING POC
by Seth Kraft · webapps · multiple
https://www.exploit-db.com/exploits/52117

This exploit demonstrates a stored XSS vulnerability in Nagios Log Server, allowing a low-privileged user to inject malicious JavaScript into their profile's email field. When an administrator views the audit logs, the script executes, creating a new admin account via CSRF token extraction and a POST request to the user creation endpoint.

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Nagios Log Server 2024R1.3.1 and below
Auth required: yes
Prerequisites: Valid low-privileged user credentials · Administrator access to audit logs · External server to host malicious JavaScript payload
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC
by skraft9 · poc
https://github.com/skraft9/CVE-2025-29471

This PoC demonstrates a stored XSS vulnerability in Nagios Log Server, allowing a low-privileged user to inject malicious JavaScript into their profile's email field. When an administrator views the audit logs, the payload executes, creating a new admin account.

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Nagios Log Server 2024R1.3.1 and below
Auth required: yes
Prerequisites: Access to a low-privileged user account in Nagios Log Server · Ability to host an external JavaScript payload · Administrator interaction with audit logs
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.3
EPSS: 0.0593
EPSS Percentile: 92.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-79
Status: published
Products (1): nagios/log_server 2024 r1.3.1
Published: Apr 15, 2025
Tracked Since: Feb 18, 2026