PT-2025-44486 · Nagios Enterprises · Nagios Xi
Aleksey Solovev · Published 2025-10-30 · Updated 2025-10-30 · CVE-2023-53688
CVSS v3.1: 5.4 (Medium) | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nagios XI versions prior to 5.11.3
Description
The software is susceptible to cross-site scripting (XSS) and cross-site request forgery (CSRF) through the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, leading to the injection of malicious script that executes within a victim’s browser (XSS). The component also lacks sufficient anti-CSRF protections on operations that change system state, potentially allowing an attacker to make authenticated users perform unintended actions.
Recommendations
Update to version 5.11.3 or later.
Fix
CSRF
XSS
Related Identifiers
Affected Products
Nagios Xi