Reflected Cross-Site Scripting Vulnerability in Nagios Fusion by Nagios
CVE-2023-53689

6MEDIUM

Key Information:

Vendor

NagiOS

Status
Fusion
Vendor
CVE Published:
30 October 2025

What is CVE-2023-53689?

Nagios Fusion is susceptible to a reflected cross-site scripting (XSS) vulnerability within its license key configuration flow. This flaw enables attackers to craft specific URLs that, when accessed by unsuspecting users, can execute malicious scripts in their web browsers. Although the application server is not compromised directly, the exploitation of this XSS vulnerability can lead to severe consequences such as credential and session theft, as well as unauthorized actions by the attackers.

Affected Version(s)

Fusion 0 < 4.2.0

References

https://www.nagios.com/products/security/#fusion
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-fusion/
release-notespatch
https://www.vulncheck.com/advisories/nagios-fusion-licens...
third-party-advisory

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tisha Manandhar
JSON
.
CVE-2023-53689 : Reflected Cross-Site Scripting Vulnerability in Nagios Fusion by Nagios