Cross-Site Scripting Vulnerability in Nagios XI
CVE-2011-10036

5.1MEDIUM

Key Information:

Vendor: NagiOS
Status: Xi
Vendor: CVE Published:; 30 October 2025

What is CVE-2011-10036?

Nagios XI prior to version 2011R1.9 is susceptible to a cross-site scripting (XSS) vulnerability due to inadequate validation of the 'backend_url' JavaScript link. This flaw allows attackers to inject malicious scripts, potentially compromising the security of users' browsers by executing arbitrary code within their context. Implementing updates and security patches is crucial to mitigate this risk.

Affected Version(s)

XI 0 < 2011R1.9

References

https://www.nagios.com/changelog/nagios-xi/

release-notespatch

https://www.vulncheck.com/advisories/nagios-xi-xss-via-ba...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Oct 28, 2025

Credit

0a29406d9794e4f9b30b3c5d6702c708

JSON

NagiOS

What is CVE-2011-10036?

Affected Version(s)

References

CVSS V4

Timeline

Credit