What is CVE-2021-35478?

CVE-2021-35478 is a vulnerability in N/a. Published 2021-07-27.

Is CVE-2021-35478 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-35478

Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.

EPSS: 0.766 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

n0-traces/cve_

References

www.nagios.com/downloads/nagios-log-server/change-log/ (x_refsource_MISC)
research.nccgroup.com/ (x_refsource_MISC)
research.nccgroup.com/2021/07/22/technical-advisory-stored-and-reflected-xss-vu… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-35478?: CVE-2021-35478 is a vulnerability in N/a. Published 2021-07-27.
Is CVE-2021-35478 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.