Amit Raut

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to CCM 3.1.4 Nagios XI versions prior to 5.8.6 **Description** The Core Config Manager (CCM) in Nagios XI is subject to a reflected cross-site scripting (XSS) issue through the Test Command functionality. A lack of proper input validation or escaping could allow an attacker to inject and execute arbitrary script within a user's browser. **Recommendations** Update to CCM version 3.1.4 or later. Update to Nagios XI version 5.8.6 or later.