Cross-site scripting (XSS) vulnerability in Nagios XI prior to 5.5.11 allows malicious users to inject arbitrary web script or HTML via the xiwindow parameter.
Various vulnerabilities have been found in Nagios XI version 5510, which allow a remote attacker able to trick an authenticated victim (with "autodiscovery job" creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remote code Execution and a local privilege escalation ...