CVE-2023-38350 — MEDIUM (5.4)

Vulnerability Description

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Pnp4Nagios	Pnp4Nagios	0.6.26

Related Weaknesses (CWE)

CWE-79

References

https://github.com/pnp4nagios/pnp4nagios/pull/16Exploit
https://github.com/pnp4nagios/pnp4nagios/pull/16Exploit

FAQ

What is CVE-2023-38350?

CVE-2023-38350 is a vulnerability with a CVSS score of 5.4 (MEDIUM). PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.

How severe is CVE-2023-38350?

CVE-2023-38350 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-38350?

Check the references section above for vendor advisories and patch information. Affected products include: Pnp4Nagios Pnp4Nagios.