CVE-2025-34278

Name of the Vulnerable Software and Affected Versions Nagios Network Analyzer versions prior to 2024R1

Description The software contains a stored cross-site scripting (XSS) issue within the Source Groups page, specifically in the percentile calculator menu. An attacker can inject a malicious payload that is stored by the application and executed when other users view the affected page, running the script within the victim’s browser.

Recommendations Update to version 2024R1 or later.