XSS Vulnerability in Nagios XI Product by Nagios
CVE-2024-13992

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
31 October 2025

What is CVE-2024-13992?

A cross-site scripting (XSS) vulnerability has been identified in Nagios XI versions prior to 2024R1.1, which arises when a user accesses the 'missing page' (404) page after navigating from an external link. The vulnerability is located in the 'page-missing.php' component that inadequately validates or escapes user-supplied input. As a result, an attacker can craft a malicious link designed to execute arbitrary JavaScript in the victim’s browser upon visiting the affected page, potentially leading to unauthorized actions under the Nagios XI domain.

Affected Version(s)

XI 0 < 2024R1.1

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/2024r1-1/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-xss-via-mi...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Adam Kues from Assetnote
JSON
.
CVE-2024-13992 : XSS Vulnerability in Nagios XI Product by Nagios