vulnrichment | Mitre | VULNRICHMENT:CVE-2023-40932
History: Sep 19, 2023 - 12:00 a.m.

CVE-2023-40932

2023-09-19 00:00:00
mitre
github.com
1
cve-2023-40932
nagios xi
cross-site scripting

AI Score: 5.7 (Confidence: High)

EPSS: 0.001 (Percentile: 49.8%)

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

A cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary JavaScript or HTML via the alt-text field. This affects all pages containing the navbar, including the login page, which means the attacker is able to steal plaintext credentials.
