Cross-Site Scripting (XSS) Vulnerabilities in Nagios XI 5.4.13

Cross-Site Scripting (XSS) Vulnerabilities in Nagios XI 5.4.13

CVE-2018-10554 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter.

Learn more about our Cis Benchmark Audit For Apple Ios.