CVE-2023-53690

EPSS 1.9%
Veröffentlicht 30.10.2025 21:20:37
Zuletzt bearbeitet 06.11.2025 18:20:19
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add authentication servers via LDAP/AD integration could persist a malicious payload that executes in the context of other users' browsers.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nagios ≫ Fusion Version < 4.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.9%	0.827

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
disclosure@vulncheck.com	6.2	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.nagios.com/changelog/nagios-fusion/

Release Notes

https://www.nagios.com/products/security/#fusion

Vendor Advisory

https://www.vulncheck.com/advisories/nagios-fusion-ldap-ad-integration-stored-xss

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-53690

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53690

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53690

EUVD