Cross-Site Scripting Vulnerability in Nagios XI Account Information Page

CVE-2018-17146 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.

Learn more about our Cis Benchmark Audit For Apple Ios.