Vulnerability Description
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Nagios Xi | < 5.11.2 |
Related Weaknesses (CWE)
References
- http://nagios.comProduct
- https://outpost24.com/blog/nagios-xi-vulnerabilities/Third Party Advisory
- https://www.nagios.com/products/security/Vendor Advisory
- http://nagios.comProduct
- https://outpost24.com/blog/nagios-xi-vulnerabilities/Third Party Advisory
- https://www.nagios.com/products/security/Vendor Advisory
FAQ
What is CVE-2023-40932?
CVE-2023-40932 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the ...
How severe is CVE-2023-40932?
CVE-2023-40932 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40932?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Nagios Xi.