Strix
26.1K

CVE-2023-7312

MEDIUMCVSS 6.2/10EPSS 0.82%

Last modified

CVE-2023-7312 is a medium-severity vulnerability rated 6.2/10 on the CVSS scale. Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. EPSS estimates a 0.82% chance of exploitation in the next 30 days.

Description

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add or modify SMTP/email settings or manipulate the sendmail configuration fields could persist a malicious payload that executes in the context of other users' browsers.

Metrics

CVSS 3.1
4.8/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS 4.0
6.2/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability
0.82%

52.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NagiosFusion< 4.2.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2023-7312?
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add or modify SMTP/email settings or manipulate the sendmail configuration fields could persist a malicious payload that executes in the context of other users' browsers.
How severe is CVE-2023-7312?
CVE-2023-7312 has a CVSS score of 6.2/10 (MEDIUM severity). The EPSS model estimates a 0.82% probability of exploitation in the next 30 days.
How do I fix CVE-2023-7312?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-7312?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST