Cross-Site Scripting Vulnerability in Nagios XI by Nagios
CVE-2020-36864
5.1MEDIUM
What is CVE-2020-36864?
Nagios XI versions before 5.7.2 are susceptible to a cross-site scripting (XSS) vulnerability. This issue arises from insufficient validation of user-provided input in the dashboard's background color settings. An attacker can exploit this weakness to inject and execute arbitrary scripts in the context of a victim's browser, potentially leading to data theft, session hijacking, or other malicious activities.
Affected Version(s)
XI 0 < 5.7.2