CVE-2023-53688

Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay

CVSS 5.1 MEDIUMEPSS 0.3%CWE-352 CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

30 oct 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Nagios · XI

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.nagios.com/changelog/nagios-xi/https://www.nagios.com/products/security/#nagios-xi https://www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relay