Nagios Support Forum

Hi,

We are running Nagios xi 5.10.0. Our Nessus reports an jquery vulnerability

URL : https://NVS-NAGIOS-01.vcloud.lu/nagiosx ... 4.1.min.js
Installed version : 3.4.1
Fixed version : 3.5.0

Could you help to correct this?

It seems like the latest version 3.6.0 is used within the GUI but additional old jquery version are still available

[root@nagios-server: ~]# find /usr/local/nagiosxi/html/includes/js/jquery/ -name "jquery-*"
/usr/local/nagiosxi/html/includes/js/jquery/jquery-1.12.4.min.js.orig
/usr/local/nagiosxi/html/includes/js/jquery/css/smoothness/jquery-ui-1.9.0.custom.min.css
/usr/local/nagiosxi/html/includes/js/jquery/css/smoothness/jquery-ui.custom.min.css
/usr/local/nagiosxi/html/includes/js/jquery/jquery-ui-timepicker-addon.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-migrate-3.0.0.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-migrate-1.4.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-ui-1.9.0.custom.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.4.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-ui-1.12.1.custom.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-migrate-1.2.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.3.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-1.11.2.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-1.12.4.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.5.1.min.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.x.compat.js
/usr/local/nagiosxi/html/includes/js/jquery/jquery-3.6.0.min.js

May I run a cleanup? Which versions do i need to keep?

Thanks in advance

Hi guys,

Someone to help me solve this issue? Thanks in advance

Move all but the newest versions to another location, or back them up and remove them.

Move all but the newest versions to another location, or back them up and remove themdrift boss

What do you mean. Please review the file!

Which file would that be?