Nagios XI 5.11.1 and Below: Cross-Site Scripting (XSS) Vulnerability in Custom Logo Component
CVE-2023-40932 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
Learn more about our Cis Benchmark Audit For Apple Ios.