What the vulnerability does

01Description

The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.

Key dates

02Disclosure timeline

October 14, 2021 CVE published
August 3, 2024 Record updated