PT-2025-44508 · Nagios · Nagios Log Server
Published: 2025-10-30 · Updated: 2025-10-31 · CVE-2024-58272
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2024R1
Description
The software contains a stored cross-site scripting (XSS) issue. An attacker can inject JavaScript code through a manipulated username that is stored and then displayed on admin or user-facing pages without proper encoding or escaping. When an authenticated user accesses the affected page, the injected script executes within their browser session.
Recommendations
Update to Nagios Log Server version 2024R1 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Log Server