CVE-2020-10821

Name of the Vulnerable Software and Affected Versions Nagios XI version 5.6.11

Description The issue allows for cross-site scripting (XSS) attacks via the theme parameter in the "account/main.php" endpoint. This means an attacker could potentially inject malicious scripts into the website, affecting users who access the page.

Recommendations For Nagios XI version 5.6.11, as a temporary workaround, consider restricting access to the "account/main.php" endpoint until a patch is available. Avoid using the theme parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.