PT-2025-44488 · Nagios Enterprises · Nagios Fusion

Tisha Manandhar · Published 2025-10-30 · Updated 2025-10-30 · CVE-2023-53690

CVSS v2.0: 8.5
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions

Nagios Fusion versions prior to 4.2.0

Description

Nagios Fusion versions prior to 4.2.0 have a stored cross-site scripting (XSS) issue in the LDAP/AD authentication-server configuration. User input that is not properly sanitized can be stored and then displayed in the administrative user interface, which can lead to the execution of JavaScript in the browsers of users who view the affected page. An attacker who can add authentication servers using LDAP/AD integration could persist a malicious payload that runs in the context of other users’ browsers.

Recommendations

Update Nagios Fusion to version 4.2.0 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-15968
CVE-2023-53690

Affected Products

Nagios Fusion