CVE-2016-15051

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.2.4

Description The Reports interface is susceptible to cross-site scripting (XSS), a flaw where malicious scripts are injected into trusted websites. This occurs due to insufficient validation or escaping of user-supplied input within the startdate and enddate fields, potentially allowing an attacker to execute arbitrary scripts in the victim's browser.

Recommendations Update to version 5.2.4 or later. As a temporary workaround, restrict access to the Reports interface or avoid using the startdate and enddate fields until the update is applied.