PT-2025-2637 · Nagios Xi · Nagios Xi

Published: 2025-01-09 · Updated: 2025-01-10 · CVE-2024-42898

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Nagios XI version 2024R1.1.4

Description

A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. This enables attackers to potentially manipulate user sessions or steal sensitive information.

Recommendations

For Nagios XI version 2024R1.1.4, as a temporary workaround, consider restricting access to the Account Settings page until a patch is available. Avoid using the Name parameter in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-42898

Affected Products

Nagios Xi