An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter.
Se ha descubierto un problema en Nagios XI 5.4.13. Hay Cross-Site Scripting (XSS) explotable mediante Cross-Site Request Forgery (CSRF) en (1) la pantalla Schedule New Report mediante los parámetros hour, minute o ampm, relacionado con components/scheduledreporting; (2) includes/components/xicore/downtime.php, relacionado con la función update_pages; (3) los parámetros opts o background en ajaxhelper.php; (4) el parámetro del array i[] en ajax_handler.php; o (5) el parámetro title en deploynotification.php.
