Cross-Site Scripting Vulnerability in Nagios XI by Nagios
CVE-2024-14000

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2024-14000?

Nagios XI prior to version 2024R1.1.3 features a vulnerability in the Capacity Planning Report component that allows for cross-site scripting (XSS). This arises from inadequate validation or escaping of user-supplied input, potentially enabling an attacker to inject and execute arbitrary scripts in a victim's browser. Organizations using affected versions are advised to upgrade to the latest version to mitigate threats and ensure their systems are secure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

XI 0

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-xss-via-ca...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Márk Rákóczi
JSON
.