CVE-2021-47696

5.4 MEDIUM

📋 TL;DR

Nagios XI versions before 5.8.0 contain a cross-site scripting vulnerability in BPI config ID handling. Attackers can inject malicious scripts that execute in victims' browsers when viewing affected pages. Organizations running Nagios XI monitoring systems with vulnerable versions are affected.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions prior to 5.8.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have access to inject malicious input into BPI config ID parameters.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, or redirect users to malicious sites, potentially leading to full system compromise.

🟠

Likely Case

Attackers steal session cookies to gain unauthorized access to the Nagios XI interface, allowing them to view monitoring data or modify configurations.

🟢

If Mitigated

With proper input validation and output encoding, script execution is prevented, limiting impact to visual disruption of the interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (victim must visit maliciously crafted page) and some level of access to inject payload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.0

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: No

Instructions:

1. Back up the current Nagios XI configuration.
2. Download Nagios XI 5.8.0 or later from the Nagios website.
3. Follow the official upgrade documentation.
4. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement additional input validation for BPI config ID parameters to reject malicious input.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads in BPI config ID parameters.
  • Restrict access to Nagios XI interface to trusted IP addresses only.

🔍 How to Verify

Check if Vulnerable:

Check Nagios XI version via Admin > System Config > About. If version is below 5.8.0, system is vulnerable.

Check Version:

cat /usr/local/nagiosxi/var/xiversion

Verify Fix Applied:

After upgrade, verify version is 5.8.0 or higher in Admin > System Config > About.
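The version file check above can be scripted so it runs across a fleet. The following is an added example, not code from the advisory or from Nagios: it reads the version file, extracts the x.y.z token and compares it numerically against 5.8.0. The exact layout of `xiversion` (key=value lines as in the constructed sample) is an assumption; the parser only relies on a dotted version appearing somewhere in the file. Comparing tuples rather than strings avoids the classic mistake where "5.11.0" sorts before "5.8.0".

```python
import re

# Path stated in the advisory; the file layout below is an assumption.
XIVERSION_PATH = "/usr/local/nagiosxi/var/xiversion"
FIXED_VERSION = (5, 8, 0)  # first release containing the fix

# First dotted x.y.z token; no trailing \b so "5.8.0rc1" still yields 5.8.0.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first x.y.z version found in the file contents as an int tuple."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no x.y.z version found in xiversion contents")
    return tuple(int(p) for p in m.groups())


def is_vulnerable(version):
    """True when the installed version predates the fixed release (tuple compare)."""
    return tuple(version) < FIXED_VERSION


def check_file(path=XIVERSION_PATH):
    """Read the version file on a live host and report whether it is below 5.8.0."""
    with open(path, encoding="utf-8") as fh:
        return is_vulnerable(parse_version(fh.read()))


# Constructed sample contents standing in for two hosts' xiversion files.
SAMPLE_OLD = "full=5.7.5\nmajor=5\nminor=7\npatch=5\n"
SAMPLE_NEW = "full=5.11.0\nmajor=5\nminor=11\npatch=0\n"

if __name__ == "__main__":
    for label, sample in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        v = parse_version(sample)
        state = "VULNERABLE" if is_vulnerable(v) else "fixed"
        print(f"{label}: {'.'.join(map(str, v))} -> {state}")
```

On a real host, call `check_file()` with no argument; the sample strings exist only so the module runs offline.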

📡 Detection & Monitoring

Log Indicators:

  • Unusual BPI config ID parameter values containing script tags or JavaScript in web server logs
  • Multiple failed login attempts following suspicious parameter values

Network Indicators:

  • HTTP requests with BPI config ID parameters containing script tags or JavaScript code

SIEM Query:

source="*nagios*" AND ("BPI config" OR "bpi_config") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
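The log indicators and SIEM query above match literal strings, which miss the common case where the payload is percent-encoded in the access log (`%3Cscript%3E` rather than `<script>`). The following added example, not taken from the advisory or from Nagios, parses combined-format web server log lines, decodes each query parameter before matching, and reports the source IP, timestamp and offending parameter. The request path and the parameter name `id` are constructed placeholders; the advisory does not state the real BPI config ID parameter name, so the scanner inspects every parameter rather than one fixed name.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache/nginx "combined" access log format (sample lines are constructed below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The same markers the advisory's SIEM query looks for, matched case-insensitively.
XSS_MARKERS = re.compile(r"<\s*script|javascript:|\bon(?:error|load)\s*=", re.IGNORECASE)


def suspicious_params(target):
    """Return (name, decoded_value) pairs whose value contains an XSS marker.

    parse_qsl percent-decodes once; a second unquote_plus plus html.unescape
    catches double-encoded and entity-encoded variants before matching.
    """
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = html.unescape(unquote_plus(value))
        if XSS_MARKERS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Yield one finding per request whose query string carries an XSS marker."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # skip lines that are not in combined format
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": m.group("status"), "params": hits})
    return findings


# Constructed sample log lines; path and parameter name are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /nagiosxi/includes/components/nagiosbpi/?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2024:12:00:05 +0000] "GET /nagiosxi/includes/components/nagiosbpi/?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2024:12:00:09 +0000] "GET /nagiosxi/includes/components/nagiosbpi/?id=x%22%20onerror%3Dalert(1) HTTP/1.1" 200 5120',
    'not a log line',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} params={f['params']}")
```

Pipe a real access log into `scan_log` line by line; the `status` field is worth keeping, since a 200 response to a request carrying a marker means the parameter reached the application rather than being rejected at the edge.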
