CVE-2013-10074
Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
| Software | From | Fixed in |
|---|---|---|
| nagios / nagios_xi | - | 2012 |
| nagios / nagios_xi | 2012-r1.0 | 2012-r1.0.x |
| nagios / nagios_xi | 2012-r1.1 | 2012-r1.1.x |
| nagios / nagios_xi | 2012-r1.2 | 2012-r1.2.x |
| nagios / nagios_xi | 2012-r1.3 | 2012-r1.3.x |
| nagios / nagios_xi | 2012-r1.4 | 2012-r1.4.x |
| nagios / nagios_xi | 2012-r1.5 | 2012-r1.5.x |
| nagios / nagios_xi | 2012r1.6 | 2012r1.6.x |
| nagios / nagios_xi | 2012r1.7 | 2012r1.7.x |
| nagios / nagios_xi | 2012r1.8 | 2012r1.8.x |
| nagios / nagios_xi | 2012r1.9 | 2012r1.9.x |
| nagios / nagios_xi | 2012r2.0 | 2012r2.0.x |
| nagios / nagios_xi | 2012r2.1 | 2012r2.1.x |
| nagios / nagios_xi | 2012r2.2 | 2012r2.2.x |
| nagios / nagios_xi | 2012r2.3 | 2012r2.3.x |
| nagios / nagios_xi | 2012r2.4 | 2012r2.4.x |
| nagios / nagios_xi | 2012r2.4-b | 2012r2.4-b.x |
| nagios / nagios_xi | 2012r2.5 | 2012r2.5.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime