Hello,
Since recently we started scanning our servers for vulnerabilities (with OpenVAS) and it seems the scan detects cross-site scripting vulnerabilties on our Nagios XI servers who are on the latest Nagios XI version, 5.6.12.
See attached screenshot. So is this an issue and if so, how can we solve it?
Grtz
Willem
Vulnerability scanner detected cross-site scripting vulnerab
Vulnerability scanner detected cross-site scripting vulnerab
You do not have the required permissions to view the files attached to this post.
Nagios XI 5.8.1
https://outsideit.net
https://outsideit.net
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Vulnerability scanner detected cross-site scripting vuln
Your report says "Nagios XI versions prior to 2011R1.9"
This was from about 8.5 years ago.
I tested the URL it claimed was a problem and see no issue
This was from about 8.5 years ago.
I tested the URL it claimed was a problem and see no issue
Re: Vulnerability scanner detected cross-site scripting vuln
Yes I know it's talking about an old version.... But still it's quite annoying it's somehow found with a qod of 99 %. Do you think Openvas detects Nagios XI and immediately flags old vulnerabilities..? Been scanning 100's of servers and most detected vulnerabilities did make sense. This doesn't. I'll see if I can find more info in the logs.
Nagios XI 5.8.1
https://outsideit.net
https://outsideit.net
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Vulnerability scanner detected cross-site scripting vuln
Maybe, you would have to ask themWillemDH wrote:Do you think Openvas detects Nagios XI and immediately flags old vulnerabilities..?
Out of an abundance of caution, I did attempt going to the URL it displayed in Nagios XI 5.6.12 and did not experience any XSS, just an error.