Page 1 of 1
Vulnerability scanner detected cross-site scripting vulnerab
Posted: Thu Mar 26, 2020 5:57 am
by WillemDH
Hello,
Since recently we started scanning our servers for vulnerabilities (with OpenVAS) and it seems the scan detects cross-site scripting vulnerabilties on our Nagios XI servers who are on the latest Nagios XI version, 5.6.12.
See attached screenshot. So is this an issue and if so, how can we solve it?
Grtz
Willem
Re: Vulnerability scanner detected cross-site scripting vuln
Posted: Thu Mar 26, 2020 9:20 am
by scottwilkerson
Your report says "Nagios XI versions prior to 2011R1.9"
This was from about 8.5 years ago.
I tested the URL it claimed was a problem and see no issue
Re: Vulnerability scanner detected cross-site scripting vuln
Posted: Fri Mar 27, 2020 2:06 am
by WillemDH
Yes I know it's talking about an old version.... But still it's quite annoying it's somehow found with a qod of 99 %. Do you think Openvas detects Nagios XI and immediately flags old vulnerabilities..? Been scanning 100's of servers and most detected vulnerabilities did make sense. This doesn't. I'll see if I can find more info in the logs.
Re: Vulnerability scanner detected cross-site scripting vuln
Posted: Fri Mar 27, 2020 7:10 am
by scottwilkerson
WillemDH wrote:Do you think Openvas detects Nagios XI and immediately flags old vulnerabilities..?
Maybe, you would have to ask them
Out of an abundance of caution, I did attempt going to the URL it displayed in Nagios XI 5.6.12 and did not experience any XSS, just an error.