CVEs-PoC/2020/CVE-2020-6586.md

### [CVE-2020-6586](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6586)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.

### POC

#### Reference
- https://medium.com/@fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60

#### Github
No PoCs found on GitHub currently.