PT-2025-44487 · Nagios · Nagios Fusion
Tisha Manandhar
·
Published
2025-10-30
·
Updated
2025-10-30
·
CVE-2023-53689
CVSS v2.0
8.5
High
| AV:N/AC:L/Au:S/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Nagios Fusion versions prior to 4.2.0
Description
Nagios Fusion versions prior to 4.2.0 have a reflected cross-site scripting (XSS) issue in the license key configuration process. This allows an attacker to execute scripts in a user's browser by tricking them into following a specially crafted URL. Successful exploitation can lead to the theft of credentials or session information, potentially granting unauthorized administrative access.
Recommendations
Update to Nagios Fusion version 4.2.0 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Fusion