CVE-2023-53688

Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay

CVSS 5.1 MEDIUMEPSS 0.3%CWE-352 CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

30 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Nagios · XI

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.nagios.com/changelog/nagios-xi/https://www.nagios.com/products/security/#nagios-xi https://www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relay