CVE-2021-47690: 
Nagios XI vulnerability analysis and mitigation

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser (VulnCheck Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v4.0 Base Score of 5.1 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and passive user interaction (UI:P). The vulnerability has no direct impact on confidentiality, integrity or availability (VC:N/VI:N/VA:N) but has low subsequent impact on confidentiality and integrity (SC:L/SI:L) (VulnCheck Advisory).

The vulnerability allows attackers to inject and execute arbitrary JavaScript code in the context of a victim's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other client-side attacks when users interact with the affected Overlay modals in the Core Config Manager (VulnCheck Advisory).

The vulnerability has been fixed in Nagios XI version 5.8.2 and CCM version 3.1.1. Users should upgrade to these or newer versions to mitigate the vulnerability (Nagios Changelog).