Cross-Site Scripting and Request Forgery in Nagios XI by Nagios
CVE-2023-53688

5.1 MEDIUM

Key Information:

Vendor

Nagios

Status
Vendor
CVE Published: 30 October 2025

What is CVE-2023-53688?

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) through the Hypermap Replay component. An attacker can submit malicious input that bypasses validation checks, causing scripts to execute in the user's browser context. In addition, the lack of robust anti-CSRF measures means authenticated users can be tricked into unknowingly performing actions that compromise their accounts. Users should update to the latest version to mitigate these risks.

Affected Version(s)

XI 0 < 5.11.3

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aleksey Solovev from Positive Technologies