Vulnerability in Nagios Xi

CVE-2018-15714

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.

EPSS: 0.214 (95.8th percentile) — read the EPSS interpretation.

Affected products

Nagios Xi — versions 5.5.6

References

www.tenable.com/security/research/tra-2018-37 (x_refsource_MISC)