{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-31T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"}, {"name": "20160609 nagios phishing vector & xss", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/Jun/20"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Nagios."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"}, {"name": "20160609 nagios phishing vector & xss", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/Jun/20"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:22:20.650Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"}, {"name": "20160609 nagios phishing vector & xss", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/Jun/20"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6209", "datePublished": "2017-03-31T15:00:00.000Z", "dateReserved": "2016-07-13T00:00:00.000Z", "dateUpdated": "2024-08-06T01:22:20.650Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios:-:*:*:*:*:*:*:*", "matchCriteriaId": "F89339E6-5484-4D0F-B834-FDD743C094B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Nagios."}, {"lang": "es", "value": "Vulnerabilidad XSS en Nagios."}], "id": "CVE-2016-6209", "lastModified": "2026-05-13T00:24:29.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-31T16:59:00.487", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/fulldisclosure/2016/Jun/20"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/fulldisclosure/2016/Jun/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nagios: Reflected XSS vulnerability and possible phishing vector", "id": "1346217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346217"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in Nagios.", "A user supplied GET parameter is used to create the value used as the src value of an iframe displayed on all pages. It allows for CSRF and javascript insertion techniques among others.\nAn attacker could forge a malicious URL that could include javascript execution in the main browser frame context, force the target to view a malicious web page (client side) or take advantage of concurrent cookies / sessions and perform a CSRF attack against other openstack components such as horizon."], "name": "CVE-2016-6209", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6"}, {"cpe": "cpe:/a:redhat:openstack:5::el7", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:storage:3.1", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Gluster Storage 3.1"}, {"cpe": "cpe:/a:redhat:mapc:4.1.0", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Mobile Application Platform On-Premise 4.1.0"}, {"cpe": "cpe:/a:redhat:mapc:4.2.0", "fix_state": "Not affected", "package_name": "nagios", "product_name": "Red Hat Mobile Application Platform On-Premise 4.2.0"}], "public_date": "2016-06-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6209\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6209"], "threat_severity": "Moderate"}

{}