A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://nagios.com |
![]() ![]() |
https://www.nagios.com/changelog/ |
![]() ![]() |
History
Wed, 27 Aug 2025 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nagios
Nagios nagios Nagios nagios Xi Nagios xi |
|
Vendors & Products |
Nagios
Nagios nagios Nagios nagios Xi Nagios xi |
Tue, 26 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Tue, 26 Aug 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-26T16:05:17.085Z
Reserved: 2025-08-17T00:00:00.000Z
Link: CVE-2025-56432

Updated: 2025-08-26T16:05:13.278Z

Status : Awaiting Analysis
Published: 2025-08-26T16:15:37.590
Modified: 2025-08-29T16:22:31.970
Link: CVE-2025-56432

No data.

Updated: 2025-08-27T11:41:40Z