Márk Rákóczi

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 2024R1.1.4 **Description** Nagios XI is affected by a local file inclusion issue through its NagVis integration. An authenticated user can provide specially crafted path values, which may lead to the inclusion of local files and potential exposure of sensitive information from the host system. **Recommendations** Update Nagios XI to version 2024R1.1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 2024R1.1.3 **Description** Nagios XI is susceptible to cross-site scripting (XSS) through the Capacity Planning Report component. A lack of proper input validation or escaping could enable an attacker to inject and execute arbitrary script within a user's browser. **Recommendations** Update to version 2024R1.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Nagios XI versions prior to 2024R1.1.3 **Description** Nagios XI is susceptible to cross-site scripting (XSS) through the Executive Summary Report component. A lack of proper input validation or escaping could allow an attacker to inject and execute arbitrary script within a user's browser. **Recommendations** Update to version 2024R1.1.3 or later.