CVE-2016-15053

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.2.4

Description Insufficient validation or escaping of user-supplied input in the "My Reports" listing of the web interface allows an attacker to inject and execute arbitrary script in the context of a victim's browser. This is a cross-site scripting (XSS) issue, where malicious scripts are injected into otherwise trusted websites.

Recommendations Update to version 5.2.4 or later.