CVE-2023-53690

Name of the Vulnerable Software and Affected Versions Nagios Fusion versions prior to 4.2.0

Description Nagios Fusion versions prior to 4.2.0 have a stored cross-site scripting (XSS) issue in the LDAP/AD authentication-server configuration. User input that is not properly sanitized can be stored and then displayed in the administrative user interface, which can lead to the execution of JavaScript in the browsers of users who view the affected page. An attacker who can add authentication servers using LDAP/AD integration could persist a malicious payload that runs in the context of other users’ browsers.

Recommendations Update Nagios Fusion to version 4.2.0 or later.