CVE-2023-51072

Name of the Vulnerable Software and Affected Versions Nagios XI versions up to and including 2024R1

Description A stored cross-site scripting (XSS) vulnerability in the NOC component allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This enables any authenticated user to execute arbitrary JavaScript code on behalf of other users, including administrators.

Recommendations For Nagios XI versions up to and including 2024R1, consider disabling the audio file upload functionality from the Operation Center section as a temporary workaround until a patch is available. Restrict access to the NOC component to minimize the risk of exploitation. Avoid using the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.