CVE-2024-13993

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1.2

Description The software is susceptible to a reflected cross-site scripting (XSS) issue via the login page when accessed using older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page could allow an attacker to create a malicious link. When a victim clicks this link, it may execute arbitrary JavaScript within the victim’s browser, within the Nagios XI origin. The issue is more apparent in legacy browsers, while modern browsers may offer some protection.

Recommendations Update Nagios XI to version 2024R1.1.2 or later.