Nagios XI 5.5.10 XSS / Remote Code Execution

Various vulnerabilities have been found in Nagios XI version 5.5.10. Together they allow a remote attacker who can trick an authenticated victim (with "autodiscovery job" creation privileges) into visiting a malicious URL to obtain a remote root shell, by chaining a reflected cross-site scripting flaw, an authenticated remote code execution and a local privilege escalation.

Link: https://packetstormsecurity.com/files/152496/nagioxi5510-xssexec.txt