CVE-2023-51072: XSS
First published: Fri Feb 02 2024(Updated: )
A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios | <2024 | |
| Nagios | =2024-r1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-51072?
CVE-2023-51072 is considered a high severity vulnerability due to the potential for stored cross-site scripting (XSS) attacks.
How do I fix CVE-2023-51072?
To fix CVE-2023-51072, update Nagios XI to version 2024R2 or later, where the vulnerability is patched.
Who is affected by CVE-2023-51072?
CVE-2023-51072 affects low-privileged users of Nagios XI versions up to and including 2024R1.
What kind of attacks can CVE-2023-51072 enable?
CVE-2023-51072 enables attackers to execute malicious HTML or JavaScript code through the audio file upload functionality.
Can CVE-2023-51072 be exploited by unauthenticated users?
No, CVE-2023-51072 requires user authentication to exploit the stored XSS vulnerability.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/nagios
- canonical/nagios
- version/nagios/2024-r1