CVE-2024-54958

Name of the Vulnerable Software and Affected Versions Nagios XI version 2024R1.2.2

Description The issue is a stored Cross-Site Scripting (XSS) vulnerability in the Tools page of Nagios XI. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page.

Recommendations For Nagios XI version 2024R1.2.2, as a temporary workaround, consider restricting access to the Tools page until a patch is available. Additionally, avoid using the Tools interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.