Nagios XI Core Config Manager Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in the Core Config Manager (CCM) of Nagios XI, affecting versions prior to 5.8.2 and CCM versions prior to 3.1.1. The vulnerability arises from insufficient validation or escaping of user-supplied input in overlay modals, which may allow an attacker to inject and execute arbitrary scripts in the context of the victim's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, navigate to the Core Config Manager in an affected version of Nagios XI. Overlay modals can be triggered by various actions within the CCM, such as editing objects or managing templates. Once an overlay modal is open, inject a script into any input field that does not properly sanitize user input. After submitting the form, the injected script will be executed, demonstrating the cross-site scripting vulnerability.

Remediation

Users can upgrade to Nagios XI version 5.8.2 or later, or to Core Config Manager version 3.1.1 or later, where this vulnerability has been addressed.