CVE-2023-53688

Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay

CVSS 5.1 MEDIUMEPSS 0.3%CWE-352 CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

30 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Nagios · XI

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.nagios.com/changelog/nagios-xi/https://www.nagios.com/products/security/#nagios-xi https://www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relay