CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43584
https://notcve.org/view.php?id=CVE-2021-43584
DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. Vulnerabilidad de Cross Site Scripting (XSS) basado en DOM en la funcionalidad 'Tail Event Logs' en Nagios Nagios Cross-Platform Agent (NCPA) anterior a 2.4.0 permite a los atacantes ejecutar código arbitrario a través del elemento de nombre al filtrar un registro. • https://github.com/NagiosEnterprises/ncpa/issues/830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4285 – Nagios NCPA tail.html cross site scripting
https://notcve.org/view.php?id=CVE-2021-4285
A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. • https://github.com/NagiosEnterprises/ncpa/commit/5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5 https://github.com/NagiosEnterprises/ncpa/pull/834 https://github.com/NagiosEnterprises/ncpa/releases/tag/v2.4.0 https://vuldb.com/?ctiid.216874 https://vuldb.com/?id.216874 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •