Nagios Enterprises · Nagios Xi · CVE-2023-7318
**Name of the Vulnerable Software and Affected Versions**
Nagios XI versions prior to 2024R1.0.2
**Description**
Nagios XI versions prior to 2024R1.0.2 are susceptible to cross-site scripting (XSS) through the Nagios Core Command Expansion page. The issue stems from inadequate validation or escaping of user-supplied input, potentially enabling an attacker to inject and execute arbitrary script within a victim’s browser.
**Recommendations**
Update Nagios XI to version 2024R1.0.2 or later.