Cross-Site Scripting Flaw in Nagios XI by Nagios
CVE-2011-10040

5.1 MEDIUM

Key Information:

Vendor

Nagios

Status
Vendor
CVE Published: 30 October 2025

What is CVE-2011-10040?

Nagios XI versions before 2011R1.9 are vulnerable to cross-site scripting (XSS) because the link-handling functionality on status and report pages does not adequately validate and escape user input. An attacker could inject arbitrary scripts that execute within the victim's browser session, potentially leading to unauthorized actions or data exposure. Upgrading to 2011R1.9 or later remediates the issue.

Affected Version(s)

XI 0 < 2011R1.9

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0a29406d9794e4f9b30b3c5d6702c708