Stored XSS Vulnerability in Nagios Fusion by Nagios
CVE-2023-7312

6.2MEDIUM

Key Information:

Vendor

NagiOS

Status
Fusion
Vendor
CVE Published:
30 October 2025

What is CVE-2023-7312?

Nagios Fusion versions prior to 4.2.0 are susceptible to a stored cross-site scripting (XSS) vulnerability that arises when managing Email Settings. This flaw allows unsanitized user input to be retained and displayed in the administrative user interface, enabling malicious JavaScript execution in the browsers of users who access the compromised page. An attacker with the ability to modify SMTP/email configurations or sendmail parameters can inject persistent malicious scripts, jeopardizing the security of other users' sessions.

Affected Version(s)

Fusion 0 < 4.2.0

References

https://www.nagios.com/products/security/#fusion
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-fusion/
release-notespatch
https://www.vulncheck.com/advisories/nagios-fusion-email-...
third-party-advisory

CVSS V4

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tisha Manandhar
JSON
.
CVE-2023-7312 : Stored XSS Vulnerability in Nagios Fusion by Nagios