Cross-Site Scripting Vulnerability in Nagios XI Web Interface
CVE-2011-10037

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2011-10037?

Nagios XI prior to version 2011R1.9 contains a cross-site scripting (XSS) vulnerability due to inadequate validation and escaping of user inputs related to xiwindow variables. This weakness allows attackers to craft malicious scripts that can be executed in the context of a user's browser, potentially compromising sensitive information or session data. Proper updates and security measures are crucial to mitigate the risks associated with this vulnerability.

Affected Version(s)

XI 0 < 2011R1.9

References

https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-xss-via-xi...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0a29406d9794e4f9b30b3c5d6702c708
JSON
.
CVE-2011-10037 : Cross-Site Scripting Vulnerability in Nagios XI Web Interface