EIP-2026-109829

PRE-CVE

Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109829. PoCs published by Matthew Aberegg.

AI-analyzed exploit summary This exploit demonstrates multiple persistent XSS vulnerabilities in Nagios XI 5.7.5, targeting the 'My Tools', 'Business Process Intelligence', and 'Views' functionalities. The PoC includes HTTP POST requests with crafted payloads to trigger XSS when interacting with the vulnerable parameters.

Description

Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Matthew Aberegg · textwebappsphp

https://www.exploit-db.com/exploits/49449

View Code ZIP pw:eip

This exploit demonstrates multiple persistent XSS vulnerabilities in Nagios XI 5.7.5, targeting the 'My Tools', 'Business Process Intelligence', and 'Views' functionalities. The PoC includes HTTP POST requests with crafted payloads to trigger XSS when interacting with the vulnerable parameters.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Nagios XI 5.7.5

Auth required

Prerequisites: Valid session cookie for authentication

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026