Cross-Site Scripting Vulnerability in Nagios XI by Nagios
CVE-2024-14000

5.1MEDIUM

Key Information:

Vendor: NagiOS
Status: Xi
Vendor: CVE Published:; 30 October 2025

What is CVE-2024-14000?

Nagios XI prior to version 2024R1.1.3 features a vulnerability in the Capacity Planning Report component that allows for cross-site scripting (XSS). This arises from inadequate validation or escaping of user-supplied input, potentially enabling an attacker to inject and execute arbitrary scripts in a victim's browser. Organizations using affected versions are advised to upgrade to the latest version to mitigate threats and ensure their systems are secure.