CVE-2024-13992

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1

Description A cross-site scripting (XSS) issue exists in Nagios XI when a user visits the "missing page" (404) page after following a link from another website. The page-missing.php component does not properly validate or escape user-supplied input, which allows an attacker to create a malicious link. When a victim visits this link, arbitrary JavaScript code can be executed in the victim’s browser within the Nagios XI domain.

Recommendations Update to version 2024R1.1 or later.