CVE-2020-36864: 
Nagios XI vulnerability analysis and mitigation

CVE-2020-36864 affects Nagios XI versions prior to 5.7.2, discovered and disclosed on October 30, 2025. This vulnerability is a cross-site scripting (XSS) issue that exists in the background color settings functionality within Dashboards (VulnCheck Advisory, Nagios Changelog).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received a CVSS v4.0 score of 5.1 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N. The issue stems from insufficient validation or escaping of user-supplied input in the dashboard background color settings feature (VulnCheck Advisory).

When exploited, this vulnerability allows an attacker to inject and execute arbitrary script code in the context of a victim's browser. This could potentially lead to theft of sensitive information, session hijacking, or other client-side attacks (VulnCheck Advisory).

Users should upgrade to Nagios XI version 5.7.2 or later to address this vulnerability. The fix has been implemented in the 5.7.2 release (Nagios Changelog).