CVE-2021-47698

Publication date

2025-11-03 21:56:10

Family

VulnCheck

State

PUBLISHED

Description

Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victims browser.