Vulnerability Description
Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly corrupted by the reflected XSS, the resulting browser compromise can lead to credential/session theft and unauthorized administrative actions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nagios | Fusion | < 4.2.0 |
Related Weaknesses (CWE)
References
- https://www.nagios.com/changelog/nagios-fusion/ (Release Notes)
- https://www.nagios.com/products/security/#fusion (Vendor Advisory)
- https://www.vulncheck.com/advisories/nagios-fusion-license-information-reflected (Third Party Advisory)
FAQ
What is CVE-2023-53689?
CVE-2023-53689 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in t...
How severe is CVE-2023-53689?
CVE-2023-53689 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53689?
Check the references section above for vendor advisories and patch information. Affected products include: Nagios Fusion.