CVE-2023-38350

Name of the Vulnerable Software and Affected Versions PNP4Nagios versions 0.6.26 through 81ebfc5

Description The issue is related to stored XSS in the AJAX controller via the basket API and filters. This can be exploited by a remote attacker to perform cross-site scripting attacks. The vulnerability is due to the lack of protection of the web page structure.

Recommendations For PNP4Nagios version 0.6.26, consider disabling the filter() and basket() functions in the Ajax Controller as a temporary workaround until a patch is available. For versions prior to the fixed version, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.