CVE-2020-36865

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2

Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting (XSS) through the Business Process Intelligence (BPI) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Recommendations Update to version 5.7.2 or later.