CVE-2018-17146

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.5.4

Description A cross-site scripting issue exists via the name parameter within the Account Information page, allowing an attacker to execute arbitrary JavaScript code within the auto login admin management page.

Recommendations For versions prior to 5.5.4, update to version 5.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Account Information page until the update is applied. Avoid using the name parameter in the affected page until the issue is resolved.