Vulnerability in Nagios Xi

CVE-2018-15713

Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

EPSS: 0.037 (88.2th percentile) — read the EPSS interpretation.

Affected products

Nagios Xi — versions 5.5.6

References

www.tenable.com/security/research/tra-2018-37 (x_refsource_MISC)