Stored XSS Vulnerability in Nagios XI NOC Component
CVE-2023-51072

5.4MEDIUM

Key Information:

Vendor: Nagios
Status: Nagios Xi
Vendor: CVE Published:; 2 February 2024

What is CVE-2023-51072?

A stored cross-site scripting vulnerability exists in the NOC component of Nagios XI that affects versions up to and including 2024R1. This flaw allows low-privileged authenticated users to upload malicious audio files, which can execute harmful JavaScript or HTML code in the context of other users, including administrators. As a result, this compromise can lead to unauthorized actions and potential data exposure.

References

https://www.nagios.com/products/security/#nagios-xi

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Dec 18, 2023