CVE-2019-20139

Name of the Vulnerable Software and Affected Versions Nagios XI version 5.6.9

Description The issue exists due to a cross-site scripting (XSS) flaw. This flaw can be exploited via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can potentially attack the admin user.

Recommendations For Nagios XI version 5.6.9, consider restricting access to the nocscreenapi.php and schedulereport.php scripts until a patch is available. As a temporary workaround, avoid using the host, hostgroup, servicegroup, hour, or frequency parameters in the affected scripts to minimize the risk of exploitation.