Nagios XI jquery security issues

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
scheung
Posts: 7
Joined: Mon Oct 05, 2020 6:40 pm

Nagios XI jquery security issues

Post by scheung »

Hi,
We're running Nagios 2024 R1.
Our enterprise security team has requested that we shut down our Nagios instance
because it contains a vulnerable version of the jQuery UI at v1.12.1.
Vulnerability scan results recommend that this be upgraded to at least
jQuery UI version 1.13.2.

Here are the cited vulnerabilities associated with jQuery UI.
Is there a way for us to upgrade jQuery UI used by NagiosXI, or
are there mitigation steps we can take against the cited vulnerabilities or
are the vulnerabilities false positives and not applicable to the jQuery UI
version used by NagiosXI?


jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2022-31160

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2021-41184

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2021-41183

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
CVE-2021-41182
swolf
Developer
Posts: 355
Joined: Tue Jun 06, 2017 9:48 am

Re: Nagios XI jquery security issues

Post by swolf »

Hi @scheung, thanks for reaching out.

It looks like this is an oversight on our part - thanks for letting us know. I've filed an issue to get this plugin updated in a future maintenance release.
-Sebastian
Developer @ Nagios 2017-05-15 thru 2024-08-06