This host is running Nagios XI and is prone to multiple cross-site scripting vulnerabilities.

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Upgrade to Nagios XI version 2011R1.9 or later, For updates refer to http://www.nagios.com/products/nagiosxi

Multiple flaws are due to improper validation of user-supplied input appended to the URL in multiple scripts, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Nagios XI versions prior to 2011R1.9

• http://packetstormsecurity.org/files/107872/0A29-11-3.txt
• http://seclists.org/fulldisclosure/2011/Dec/354
• http://www.securityfocus.com/bid/51069
• http://xforce.iss.net/xforce/xfdb/71825
• http://xforce.iss.net/xforce/xfdb/71826

---

Updated on 2015-03-25