Nagios XI before v5.8.7 exists to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
nagios nagios xi