Cross-Site Scripting Vulnerability in Nagios Fusion
CVE-2018-25119

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Fusion
Vendor
CVE Published:
30 October 2025

What is CVE-2018-25119?

Nagios Fusion versions below 4.1.5 are susceptible to cross-site scripting (XSS) due to insufficient input validation on the 'fusionwindow' parameter. This vulnerability can enable attackers to inject and execute arbitrary scripts in a user's browser, potentially leading to unauthorized actions and data exposure within the application context.

Affected Version(s)

Fusion 0 < 4.1.5

References

https://www.nagios.com/changelog/nagios-fusion/
release-notespatch
https://www.vulncheck.com/advisories/nagios-fusion-xss-vi...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2018-25119 : Cross-Site Scripting Vulnerability in Nagios Fusion