CVE-2023-53688
CVE-2023-53688 is a medium-severity vulnerability rated 5.1/10 on the CVSS scale. Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Nagios Xi | < 5.11.3 |
References
- https://www.nagios.com/changelog/nagios-xi/ (Release Notes)
- https://www.nagios.com/products/security/#nagios-xi (Release Notes)
- https://www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relay (Third Party Advisory)
Source: NVD / NIST
