PT-2025-44468 · Nagios Enterprises · Nagios XI

Published: 2025-10-30 · Updated: 2025-10-30 · CVE-2020-36862

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 5.6.11

Description

Nagios XI versions prior to 5.6.11 contain issues in the Highcharts local exporting tool that can be triggered without authentication. Crafted export requests are handled with insufficient output encoding, resulting in cross-site scripting (XSS): script injected into exported content is executed in a user’s browser when that content is viewed. These requests can also cause the server to fetch URLs specified by an attacker, potentially leading to server-side request forgery (SSRF) and the disclosure of sensitive information accessible from the export server.

Recommendations

Update to version 5.6.11 or later.

Fix

SSRF

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-14520
CVE-2020-36862

Affected Products

Nagios XI