CVE-2021-38156
MEDIUM NUCLEINagios XI < 5.8.6 - Stored Cross-Site Scripting in Dashboard Editor
Title source: llmExploitation Summary
CVE-2021-38156 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
Nuclei Templates (1)
Nagios XI < 5.8.6 - Cross-Site Scripting
MEDIUMVERIFIEDby ritikchaddha
Shodan:
http.title:"nagios xi"
FOFA:
app="nagios-xi"
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.nagios.com/downloads/nagios-xi/change-log/
Exploit, Third Party Advisory x_refsource_misc
https://raxis.com/blog/cve-2021-38156
Scores
CVSS v3
5.4
EPSS
0.8894
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
nagios/nagios_xi
< 5.8.6
Published
Sep 15, 2021
Tracked Since
Feb 18, 2026