Description
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page.
References (1)
Core 1
Core References
Third Party Advisory
https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2024-54958
Scores
CVSS v3
6.1
EPSS
0.0050
EPSS Percentile
66.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
nagios/nagios_xi
2024 r1.2.2
Published
Feb 20, 2025
Tracked Since
Feb 18, 2026