PT-2025-7440 · Nagios · Nagios XI

Published 2024-12-20 · Updated 2025-07-01 · CVE-2024-54959

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Nagios XI version 2024R1.2.2

Description

The Favorites component is exposed to a Cross-Site Request Forgery (CSRF) attack that enables POST-based Cross-Site Scripting (XSS). This allows malicious actions to be performed on behalf of the user.

Recommendations

For Nagios XI version 2024R1.2.2, as a temporary workaround, consider disabling the Favorites component until a patch is available. Restrict access to the Favorites component to minimize the risk of exploitation. Avoid using the Favorites component in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-12953
CVE-2024-54959

Affected Products

Nagios XI