CVE-2018-17146
MEDIUMNagios XI < 5.5.4 - Stored Cross-Site Scripting via Account Information Name Parameter
Title source: llmDescription
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Scores
CVSS v3
5.4
EPSS
0.0303
EPSS Percentile
86.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
nagios/nagios_xi
< 5.5.4
Published
Jun 19, 2019
Tracked Since
Feb 18, 2026