QwikSec

Security Database

CVE

CWE

Training

CVE-2011-10037

Published: Oct 30, 2025

Modified: Dec 22, 2025

PUBLISHED

Description

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Vendor	Product	Versions
Nagios	XI	affected `0 - < 2011R1.9`

Weaknesses (CWE)

References

https://www.nagios.com/changelog/nagios-xi/

release-notes

patch

https://www.vulncheck.com/advisories/nagios-xi-xss-via-xiwindow-variables-affecting-permalinks

third-party-advisory

http://0a29.blogspot.com/2011/12/0a29-11-3-cross-site-scripting.html

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.