CVE-2025-56432

MEDIUM

Nagios XI 2024R2 - Stored Cross-Site Scripting in Performance Data Renderer

Title source: llm

Description

A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data.

References (2)

Core 2

Core References

Product

http://nagios.com

Release Notes

https://www.nagios.com/changelog/

Scores

CVSS v3 6.1

EPSS 0.0062

EPSS Percentile 70.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

nagios/nagios_xi 2024 r2

Published Aug 26, 2025

Tracked Since Feb 18, 2026