This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
A web application on the remote host has multiple cross-site scripting
According to its self-reported version, the Nagios XI installation on
the remote host has multiple cross-site scripting vulnerabilities.
The 'grab_request_var()' function doesn't properly sanitize user
input. This affects input to multiple parameters on the
A remote attacker could exploit this by tricking a user into
requesting a maliciously crafted URL, resulting in arbitrary script
See also :
Upgrade to Nagios XI 2009R1.3C or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 49776 ()
Bugtraq ID: 43294