Reflected Cross-Site Scripting in Nagios XI by Nagios
CVE-2024-13993

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2024-13993?

Nagios XI versions earlier than 2024R1.1.2 are susceptible to a reflected cross-site scripting (XSS) vulnerability present in the login page when accessed via older web browsers. This vulnerability stems from inadequate validation and escaping of user-supplied data that is reflected by the login interface. An attacker can exploit this by creating a malicious link that, if clicked by a victim, executes arbitrary JavaScript within the context of the Nagios XI instance in the victim’s browser. While the issue is particularly noticeable in legacy browser behaviors, newer browsers may introduce mitigations against certain exploit vectors.

Affected Version(s)

XI 0 < 2024R1.1.2

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-reflected-...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-13993 : Reflected Cross-Site Scripting in Nagios XI by Nagios