Stored Cross-Site Scripting Vulnerability in Nagios Fusion by Nagios
CVE-2023-53690

6.2 MEDIUM

Key Information:

Vendor

Nagios

Status
Vendor
CVE Published: 30 October 2025

What is CVE-2023-53690?

Nagios Fusion versions before 4.2.0 are susceptible to a stored Cross-Site Scripting (XSS) vulnerability within the LDAP/AD authentication server configuration. This flaw arises from the processing of unsanitized user input, which can be stored in the system and rendered in the administrative user interface. As a result, when an affected page is accessed, malicious JavaScript can execute within the browser of any user viewing that page. An attacker with the ability to add authentication servers through LDAP/AD integration could embed a malicious payload that would subsequently execute in the context of other users' browsers, amplifying the potential impact of this vulnerability.

Affected Version(s)

Fusion 0 < 4.2.0

CVSS V4

Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tisha Manandhar