PT-2025-44489 · Nagios · Nagios Fusion

Tisha Manandhar

·

Publicado

2025-10-30

·

Atualizado

2025-10-30

·

CVE-2023-7312

CVSS v2.0

8.5

Alta

VetorAV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions Nagios Fusion versions prior to 4.2.0
Description Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) issue when adding or configuring Email Settings. Insufficient input sanitization allows malicious code to be stored and executed in the browser of users viewing the affected page. An attacker could exploit this by modifying SMTP/email settings or manipulating sendmail configuration fields to inject and persist a malicious payload.
Recommendations Update to Nagios Fusion version 4.2.0 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2025-15970
CVE-2023-7312

Produtos afetados

Nagios Fusion