Cross-Site Scripting Vulnerability in Nagios XI by Nagios
CVE-2021-47696

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2021-47696?

Nagios XI versions prior to 5.8.0 are susceptible to a cross-site scripting flaw due to inadequate validation and escaping of user inputs during BPI config ID handling. This vulnerability enables attackers to inject and execute malicious scripts in the context of a victim's web browser, potentially compromising user data and security.

Affected Version(s)

XI 0 < 5.8.0

References

https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-xss-via-bp...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Aberegg
JSON
.
CVE-2021-47696 : Cross-Site Scripting Vulnerability in Nagios XI by Nagios