Cross-Site Scripting Vulnerability in Nagios XI by Nagios Enterprises
CVE-2023-7314

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2023-7314?

Versions of Nagios XI prior to 5.11.3 are susceptible to cross-site scripting attacks through its Bandwidth Report component. The vulnerability arises from insufficient validation and escaping of user-generated input, which may allow attackers to inject and execute scripts in the context of a victim's web browser. This can lead to unauthorized access and manipulation of sensitive data. Users are advised to update to the latest version to mitigate this risk.

Affected Version(s)

XI 0 < 5.11.3

References

https://www.nagios.com/products/security/#nagios-xi
vendor-advisorypatch
https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-xss-via-ba...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aleksey Solovev from Positive Technologies
JSON
.
CVE-2023-7314 : Cross-Site Scripting Vulnerability in Nagios XI by Nagios Enterprises