CVE-2023-51072
MEDIUMNagios XI <= 2024R1 - Authenticated Stored Cross-Site Scripting via NOC Audio File Upload
Title source: llmDescription
A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators.
References (1)
Core 1
Core References
Vendor Advisory
https://www.nagios.com/products/security/#nagios-xi
Scores
CVSS v3
5.4
EPSS
0.0176
EPSS Percentile
82.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
nagios/nagios_xi
2024 r1
nagios/nagios_xi
< 2024
Published
Feb 02, 2024
Tracked Since
Feb 18, 2026