The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.
[
{
"product": "Nagios XI",
"vendor": "Nagios",
"versions": [
{
"status": "affected",
"version": "<5.8.4"
}
]
}
]