CVE-2024-13993

CVSS v2.0

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1.2

Description The software is susceptible to a reflected cross-site scripting (XSS) issue via the login page when accessed using older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page could allow an attacker to create a malicious link. When a victim clicks this link, it may execute arbitrary JavaScript within the victim’s browser, within the Nagios XI origin. The issue is more apparent in legacy browsers, while modern browsers may offer some protection.

Recommendations Update Nagios XI to version 2024R1.1.2 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2025-14703

CVE-2024-13993

Affected Products

Nagios Xi

CVE-2024-13993

Weakness Enumeration

Related Identifiers

Affected Products

References · 8