CVE-2020-36858

5.4 MEDIUM

📋 TL;DR

This cross-site scripting (XSS) vulnerability in Nagios Log Server allows attackers to inject malicious scripts into web pages when users interact with Create User, Edit User, or Manage Host Lists functions. If exploited, these scripts execute in victims' browsers, potentially stealing credentials, session tokens, or performing unauthorized actions. Organizations using Nagios Log Server versions before 2.1.6 are affected.

💻 Affected Systems

Products:
  • Nagios Log Server
Versions: All versions prior to 2.1.6
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default web interface configuration; no special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains administrative access to Nagios Log Server, steals all monitoring data, compromises credentials for integrated systems, and uses the server as a pivot point to attack internal networks.

🟠 Likely Case

Attacker steals session cookies or authentication tokens to impersonate legitimate users, modifies monitoring configurations to hide malicious activity, or redirects users to phishing sites.

🟢 If Mitigated

Script execution is blocked by browser security features, or the attack only affects users with limited permissions, causing minimal data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access to the web interface and victim interaction with injected pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.6 and later

Vendor Advisory: https://www.nagios.com/changelog/nagios-log-server-2024r1/

Restart Required: No

Instructions:

1. Back up the current configuration.
2. Download Nagios Log Server 2.1.6 or later from the Nagios website.
3. Follow the upgrade instructions in the documentation.
4. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement additional input validation and output encoding for user-supplied data in web interface forms.

Content Security Policy

all

Implement strict Content Security Policy headers to restrict script execution sources.
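The two workarounds above amount to one rule for the application (encode every user-supplied value for the HTML context it lands in) and one rule for the browser (only run script from sources the server names). The following Python is an added illustration of both and is not code from Nagios Log Server, which is not a Python application; the `render_*` functions, the field names, the sample inputs and the exact policy are assumptions chosen for the example. The unsafe renderer is included only to show the pattern the encoding replaces.

```python
import html

# Constructed sample inputs of the kind a Create User or Manage Host Lists
# form might receive; the field names are assumptions for this example.
SAMPLE_USERNAME = "<script>alert(1)</script>"
SAMPLE_HOST_LIST = 'web-tier" onmouseover="alert(1)'


def render_user_row_unsafe(username: str) -> str:
    """The pattern to avoid: raw user input interpolated straight into markup."""
    return f"<tr><td>{username}</td></tr>"


def encode_for_html(value: str) -> str:
    """HTML-encode a value for element text or a double-quoted attribute.
    quote=True also encodes both quote characters, so the value cannot
    terminate the attribute it is placed in."""
    return html.escape(value, quote=True)


def render_user_row(username: str) -> str:
    """Hardened form: every user-controlled field passes through the encoder."""
    return f"<tr><td>{encode_for_html(username)}</td></tr>"


def render_host_list_link(name: str) -> str:
    """Same rule in attribute context: the list name is encoded before use
    both as an attribute value and as visible link text."""
    safe = encode_for_html(name)
    return f'<a href="#" data-list="{safe}">{safe}</a>'


def csp_header() -> tuple[str, str]:
    """Assumed baseline policy for a self-hosted web UI: scripts only from the
    server's own origin, no inline script, no plugins, no framing by other
    sites. The directive set is an assumption, not the vendor's policy."""
    policy = "; ".join([
        "default-src 'self'",
        "script-src 'self'",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'self'",
    ])
    return ("Content-Security-Policy", policy)


def allows_inline_script(policy: str) -> bool:
    """Sanity check for a deployed policy: True if inline script would still
    run, either because 'unsafe-inline' is listed or because neither
    script-src nor default-src restricts it. (Nonce and hash sources, which
    make 'unsafe-inline' ignored in CSP Level 2+, are not modelled here.)"""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    if "script-src" not in directives and "default-src" not in directives:
        return True
    sources = directives.get("script-src", directives.get("default-src", []))
    return "'unsafe-inline'" in sources
```

Output encoding is the fix that actually removes the bug; the CSP header limits what a surviving injection can do, and `allows_inline_script` is the check worth running on whatever policy you deploy, since a policy that still carries `'unsafe-inline'` for scripts gives no protection against this class of issue.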

🧯 If You Can't Patch

  • Restrict access to Nagios Log Server web interface to trusted users only using network segmentation and firewall rules.
  • Implement web application firewall (WAF) rules to detect and block XSS payloads in HTTP requests.

🔍 How to Verify

Check if Vulnerable:

Check Nagios Log Server version via web interface dashboard or command line: cat /usr/local/nagioslogserver/version.txt

Check Version:

cat /usr/local/nagioslogserver/version.txt

Verify Fix Applied:

Verify version is 2.1.6 or higher and test vulnerable pages (Create User, Edit User, Manage Host Lists) with basic XSS payloads to confirm sanitization.
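A version string should be compared numerically rather than as text, otherwise a future 2.1.10 would sort below 2.1.6. The following Python is an added example of that check, not a tool shipped with Nagios Log Server; it assumes the version file holds a bare dotted version string, since the page does not show the file's format.

```python
import re

# Constructed content of the kind the "Check Version" command prints.
# The real file format is not shown on the page; a bare version is assumed.
SAMPLE_VERSION_FILE = "2.1.5\n"

# First version that carries the fix, per the advisory.
FIXED_VERSION = (2, 1, 6)


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract the leading dotted-numeric version from the file contents,
    tolerating surrounding whitespace, and pad it to three components."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_vulnerable(version_text: str) -> bool:
    """True when the installed version precedes 2.1.6. Tuples compare
    numerically, so 2.1.10 correctly ranks above 2.1.6, which a plain
    string comparison would get wrong."""
    return parse_version(version_text) < FIXED_VERSION


if __name__ == "__main__":
    # Replace the constructed sample with the real file on a host:
    # text = open("/usr/local/nagioslogserver/version.txt").read()
    print("vulnerable" if is_vulnerable(SAMPLE_VERSION_FILE) else "fixed")
```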

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript or HTML patterns in user input fields
  • Multiple failed login attempts followed by successful login from same IP
  • Unexpected modifications to user accounts or host lists

Network Indicators:

  • HTTP requests containing script tags or JavaScript code in form parameters
  • Unusual outbound connections from Nagios server to external domains

SIEM Query:

source="nagios_log_server" AND (http_request="*<script>*" OR http_request="*javascript:*" OR http_request="*onerror=*" OR http_request="*onload=*")
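The SIEM query above matches literal strings, so it misses the same indicators when they arrive percent-encoded in a query string, which is how they normally appear in a web server access log. The following Python is an added example that applies the same four indicators over constructed access-log lines after percent-decoding them repeatedly, so single- and double-encoded forms are both visible; it is not a Nagios Log Server feature, the log lines and URL paths are constructed for the example and do not reflect the product's real routes.

```python
import re
from urllib.parse import unquote_plus

# The four indicators from the SIEM query, as case-insensitive regexes.
XSS_INDICATORS = {
    "script_tag": re.compile(r"<\s*script", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "onerror_handler": re.compile(r"\bonerror\s*=", re.I),
    "onload_handler": re.compile(r"\bonload\s*=", re.I),
}

# Constructed access-log lines (common log format); the /example/ paths are
# placeholders, not the product's real URLs.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - admin [12/Mar/2024:10:01:02 +0000] "GET /example/users?page=2 HTTP/1.1" 200 512',
    '10.0.0.5 - admin [12/Mar/2024:10:01:09 +0000] "GET /example/users/create?username=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.7 - ops [12/Mar/2024:10:02:15 +0000] "GET /example/hostlists/edit?name=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E HTTP/1.1" 200 640',
    '10.0.0.7 - ops [12/Mar/2024:10:02:40 +0000] "GET /example/users/edit?homepage=javascript%3Aalert%281%29 HTTP/1.1" 200 640',
    '10.0.0.9 - audit [12/Mar/2024:10:03:00 +0000] "GET /example/reports?mode=onload HTTP/1.1" 200 128',
    '10.0.0.5 - admin [12/Mar/2024:10:04:21 +0000] "GET /example/users/create?username=%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E HTTP/1.1" 200 512',
]


def normalize(text: str, max_rounds: int = 3) -> str:
    """Percent-decode until the text stops changing (bounded), so a
    double-encoded payload is compared in its decoded form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            return text
        text = decoded
    return text


def scan_line(line: str) -> list[str]:
    """Return the names of every indicator that matches the decoded line."""
    decoded = normalize(line)
    return [name for name, rx in XSS_INDICATORS.items() if rx.search(decoded)]


def scan_log(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (line index, matched indicators) for every line that fires."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := scan_line(line))]


if __name__ == "__main__":
    for idx, hits in scan_log(SAMPLE_ACCESS_LOG):
        print(f"line {idx}: {', '.join(hits)}")
```

Line 4 is included to show that a word like `onload` appearing as a plain parameter value does not fire the `onload=` indicator, and line 5 shows why the decode loop matters: after one round it still reads `%3Cscript%3E`, and only the second round exposes the tag. The same decoding step belongs in the SIEM search if the platform supports it, since the literal `*<script>*` wildcard in the query above would see neither of the encoded forms.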

🔗 References
