Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). Read more