CVE-2024-54958: XSS
First published: Thu Feb 20 2025(Updated: )
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-54958?
CVE-2024-54958 is classified as a stored Cross-Site Scripting (XSS) vulnerability.
How do I fix CVE-2024-54958?
To fix CVE-2024-54958, update Nagios XI to the latest version that addresses this XSS vulnerability.
Who is affected by CVE-2024-54958?
CVE-2024-54958 affects all users of Nagios XI version 2024R1.2.2.
What are the potential impacts of CVE-2024-54958?
The potential impacts of CVE-2024-54958 include session hijacking and unauthorized access to sensitive information.
Is CVE-2024-54958 related to user roles in Nagios XI?
Yes, CVE-2024-54958 can exploit stored scripts that are executed when other users access the Tools page, regardless of their user roles.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/event
- vendor/nagios
- canonical/nagios