Cross-Site Scripting Vulnerability in Nagios XI by Nagios
CVE-2023-7315

5.1MEDIUM

Key Information:

Vendor: NagiOS
Status: Xi
Vendor: CVE Published:; 30 October 2025

🔔 Create NagiOS Vulnerability Alert

What is CVE-2023-7315?

Nagios XI versions before 5.11.3 are exposed to a cross-site scripting threat through the Graph Explorer component. This results from inadequate validation and escaping of user inputs, enabling an attacker to inject and execute malicious scripts within a victim's browser session. Users of affected versions should promptly upgrade to mitigate risks associated with this vulnerability.

Affected Version(s)

XI 0 < 5.11.3

References

https://www.nagios.com/products/security/#nagios-xi

vendor-advisorypatch

https://www.nagios.com/changelog/nagios-xi/

release-notespatch

https://www.vulncheck.com/advisories/nagios-xi-xss-via-gr...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Oct 21, 2025

Credit

Aleksey Solovev from Positive Technologies

.

CVE-2023-7315 : Cross-Site Scripting Vulnerability in Nagios XI by Nagios