Loading
Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI origin. The issue is observable under legacy browser behaviors; modern browsers may mitigate some vectors.
Use CWE-79, Nagios vendor hub and Nagios Xi product page to widen CVE-2024-13993 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2024-13997, CVE-2025-34286 and CVE-2026-2043 for nearby disclosures in the same product family.