PT-2025-44486 · Nagios Enterprises · Nagios XI

Aleksey Solovev · Published 2025-10-30 · Updated 2025-10-30

CVE-2023-53688

CVSS v3.1
5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Nagios XI versions prior to 5.11.3

Description

The software is susceptible to cross-site scripting (XSS) and cross-site request forgery (CSRF) through the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, leading to the injection of malicious script that executes within a victim’s browser (XSS). The component also lacks sufficient anti-CSRF protections on operations that change system state, potentially allowing an attacker to make authenticated users perform unintended actions.

Recommendations

Update to version 5.11.3 or later.

Fix

CSRF

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-14533
CVE-2023-53688

Affected Products

Nagios XI