CVE-2023-53688

Sažetak

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.

Reference

https://www.nagios.com/changelog/nagios-xi/
https://www.nagios.com/products/security/#nagios-xi
https://www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relay

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

30-10-2025 - 22:15

Objavljeno

30-10-2025 - 22:15