CVE-2021-47698

5.4 MEDIUM

📋 TL;DR

Nagios XI versions before 5.8.7 contain a cross-site scripting vulnerability in the Core UI's Views URL handling. Attackers can inject malicious scripts that execute in victims' browsers when they visit manipulated URLs. This affects all Nagios XI administrators and users who access the vulnerable interface.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions prior to 5.8.7
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using embedded Nagios Core. Requires user interaction to trigger the XSS payload.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, or redirect users to malicious sites, potentially leading to full system compromise.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the Nagios interface through script injection.

🟢 If Mitigated

Limited impact with proper input validation and output encoding in place, though the vulnerability still exists.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking authenticated users into clicking malicious links. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.7

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download Nagios XI 5.8.7 or later from the Nagios website.
3. Follow the upgrade instructions in the documentation.
4. Restart Nagios services after the upgrade.

🔧 Temporary Workarounds

Input Validation Enhancement (applies to: all)

Implement additional input validation for URL parameters in the Core UI Views.

Not applicable as a drop-in step - requires code modification.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads in URL parameters
  • Restrict access to Nagios XI interface to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check the Nagios XI version via Admin > System Config > About. If the version is below 5.8.7, the system is vulnerable.

Check Version:

cat /usr/local/nagiosxi/var/xiversion

Verify Fix Applied:

Verify version is 5.8.7 or higher and test URL parameter handling in Core UI Views.

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters in web server logs containing script tags or JavaScript

Network Indicators:

  • HTTP requests with suspicious parameters to Nagios XI Core UI endpoints

SIEM Query:

source="web_server_logs" AND uri="*nagiosxi*" AND (param="*<script>*" OR param="*javascript:*")
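An added example (not part of this advisory or of Nagios's own code) that implements the two checks above in one script: comparing the contents of the xiversion file against 5.8.7, and scanning web-server access log lines for the indicators listed (script tags or javascript: in parameters of Nagios XI requests). The xiversion file format, the combined log format, the request paths and the sample log lines are all assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

FIXED_VERSION = (5, 8, 7)  # first fixed release per the advisory


def parse_version(text):
    """Extract the first X.Y.Z version from the xiversion file contents (file format assumed)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version string found")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(text):
    """True when the installed Nagios XI version is below 5.8.7."""
    return parse_version(text) < FIXED_VERSION


# Combined-log request field: client, timestamp, "METHOD /path?query HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
SUSPICIOUS = ("<script", "javascript:")  # the indicators named in the advisory


def flag_suspicious_requests(lines):
    """Return (client_ip, path, param, value) for Nagios XI requests whose decoded
    query values contain one of the indicators. Values are decoded twice so a
    double-encoded payload is still matched."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "nagiosxi" not in m["uri"].lower():
            continue
        parts = urlsplit(m["uri"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = unquote(unquote(value)).lower()
            if any(marker in decoded for marker in SUSPICIOUS):
                hits.append((m["ip"], parts.path, name, value))
    return hits


# Constructed sample log lines; /nagiosxi/views/example.php is a placeholder path, not a real endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /nagiosxi/views/example.php?host=web01 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /nagiosxi/views/example.php?host=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2024:12:00:03 +0000] "GET /nagiosxi/views/example.php?url=JAVASCRIPT%3Aalert(1) HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Mar/2024:12:00:04 +0000] "GET /other/app.php?q=%3Cscript%3E HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable("5.8.6"))
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print("suspicious request:", hit)
```

Feed it the real file with `is_vulnerable(open("/usr/local/nagiosxi/var/xiversion").read())` and the access log with `flag_suspicious_requests(open(path))`; only requests whose path contains "nagiosxi" are inspected, matching the SIEM query's scope.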
