Nagios XI 5.11.1 and Below: Cross-Site Scripting (XSS) Vulnerability in Custom Logo Component

CVE-2023-40932 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary JavaScript or HTML via the alt-text field. This affects all pages containing the navbar, including the login page, which means the attacker is able to steal plaintext credentials.
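The class of bug described above, shown as an added example in PHP (the language Nagios XI is written in): a stored alt-text value rendered into an `<img>` attribute without encoding, next to a hardened renderer and a save-time check. This is not Nagios XI source code; the function names, the CSS class, the image path and the sample value are all hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Nagios XI code. All names here are hypothetical.

/** Unsafe: the stored alt text is concatenated into the attribute as-is. */
function render_logo_unsafe(string $src, string $alt): string
{
    return '<img class="navbar-logo" src="' . $src . '" alt="' . $alt . '">';
}

/** Encode a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    // ENT_QUOTES covers both " and ', so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened: every dynamic value is encoded at the point of output. */
function render_logo_safe(string $src, string $alt): string
{
    return '<img class="navbar-logo" src="' . attr($src) . '" alt="' . attr($alt) . '">';
}

/** Save-time check: alt text must be short plain text with no markup characters. */
function validate_alt_text(string $alt): bool
{
    // With /u, invalid UTF-8 makes preg_match() return false, which is rejected too.
    return strlen($alt) <= 255
        && preg_match('/^[^<>"\'&`=\x00-\x1F]*$/u', $alt) === 1;
}

// Constructed sample: harmless markup that still escapes an unencoded attribute.
$alt = 'Acme "Ops" <b>logo</b>';
$src = '/images/logo.png'; // constructed path

// The first quote in $alt ends the alt attribute; the rest is parsed as markup.
echo render_logo_unsafe($src, $alt), PHP_EOL;

// Quotes and angle brackets become entities; the value stays inside alt="...".
echo render_logo_safe($src, $alt), PHP_EOL;

// Input validation is a second layer, not a replacement for output encoding.
var_dump(validate_alt_text($alt));
var_dump(validate_alt_text('Acme Operations logo'));
```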