Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Nagios XI 2009R1.3B is vulnerable prior versions may also be affected.
Updates are available. Please see the references for more information.
- Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
- NetSaro Enterprise Messenger Cross Site Scripting and HTML Injection Vulnerabilities
- MantisBT Cross-site scripting Vulnerability
- OneOrZero AIMS 'index.php' Cross Site Scripting Vulnerability
- Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities