CVE-2021-25299: Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS).
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.
Security readout for executives and security teams
Nagios XI 5.7.5 has an administrator-targeted XSS issue. If an admin clicks a crafted URL, an attacker may steal session cookies and the issue may support further chaining toward server compromise. The bundle does not provide CVSS, CWE, or a confirmed fixed version. Exposure is likely limited to organizations running Nagios XI 5.7.5, especially where administrators can be lured to external links while authenticated. Treat this as high priority for Nagios XI 5.7.5 environments because admin compromise could affect monitoring infrastructure and may be chained toward server control. Mitigation focus: Inventory Nagios XI deployments and identify any 5.7.5 instances.; Check Nagios release guidance for the appropriate fixed or supported upgrade path.; Prioritize upgrades for internet-reachable or broadly accessible admin consoles..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
description · low confidence lookup
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
3Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Feb 15, 2021, 12:32 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.