← Back

CVE-2013-10074

nvd nist
Published: Oct 30, 2025Modified: Nov 6, 2025

JSON object

Loading...
5.1
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Affected (18)

Products: Nagios: Nagios Xi
Nagios
1 product
Nagios Xi
Configuration A
18 vulnerable
Vulnerable SoftwareAffected Versions
Nagios
Nagios Xi
Before 2012
Nagios Xi
Version 2012 r1.0
Nagios Xi
Version 2012 r1.1
Nagios Xi
Version 2012 r1.2
Nagios Xi
Version 2012 r1.3
Nagios Xi
Version 2012 r1.4
Nagios Xi
Version 2012 r1.5
Nagios Xi
Version 2012r1.6
Nagios Xi
Version 2012r1.7
Nagios Xi
Version 2012r1.8
Nagios Xi
Version 2012r1.9
Nagios Xi
Version 2012r2.0
Nagios Xi
Version 2012r2.1
Nagios Xi
Version 2012r2.2
Nagios Xi
Version 2012r2.3
Nagios Xi
Version 2012r2.4
Nagios Xi
Version 2012r2.4 b
Nagios Xi
Version 2012r2.5

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: disclosure@vulncheck.com
Release Notes
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.