Nagios XI < 2009R1.3C Multiple XSS Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8362
Synopsis: A vulnerable version of Nagios XI has been detected.
Description: Versions of Nagios XI prior to 2009R1.3C are affected by multiple cross-site scripting vulnerabilities because the 'grab_request_var()' function fails to properly sanitize user input. This affects multiple parameters on the 'admin/users.php' page. A remote attacker could exploit these vulnerabilities by tricking a user into requesting a maliciously crafted URL, resulting in the execution of arbitrary script code in that user's browser.
Solution: Upgrade to Nagios 2009R1.3C or later.