A vulnerable version of Nagios XI has been detected.
Versions of Nagios XI prior to 2009R1.3C are affected by multiple cross-site scripting vulnerabilities due to the 'grab_request_var()' function's failure to properly sanitize user input. This affects multiple parameters on the 'admin/users.php' page. A remote attacker could exploit these vulnerabilities by tricking a user into requesting a maliciously crafted URL, resulting in arbitrary code execution.
Upgrade to Nagios 2009R1.3C or later.