CVE-2021-43584: 
Nagios Cross-Platform Agent (NCPA) vulnerability analysis and mitigation

DOM-based Cross Site Scripting (XSS) vulnerability was discovered in the 'Tail Event Logs' functionality of Nagios Cross-Platform Agent (NCPA) versions before 2.4.0. The vulnerability allows attackers to execute arbitrary code via the name element when filtering for a log (NIST NVD, MITRE CVE).

The vulnerability exists in the 'Tail Event Logs' functionality accessed via the 'Live Data' dashboard. The issue occurs because the application sets the value of the search term on the name element using the jQuery .html() function instead of .text(), allowing for JavaScript code execution. The vulnerable code is located in the agent/listener/templates/tail.html file, where the name parameter is unsafely set using $('.name').html(name) (GitHub Issue). The vulnerability has been assigned a CVSS v3.1 Base Score of 4.8 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NIST NVD).

An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of an administrative NCPA user by tricking the user to enter a cross-site scripting (XSS) payload in the 'Tail Event Logs' page. This could lead to the exfiltration of the NCPA community string and gain of administrative access to the NCPA web interface (GitHub Issue).

The vulnerability has been fixed in NCPA version 2.4.0. The recommended mitigation is to upgrade to version 2.4.0 or later. For those unable to upgrade immediately, the technical recommendation is to modify the code to use jQuery .text() function instead of .html() when setting values on the name element (GitHub Issue).