Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-53688

Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.

Published

2025-10-30T22:15:42.487

Last Modified

2025-11-05T18:21:40.933

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nagios	nagios_xi	< 5.11.3	Yes

References

https://www.nagios.com/changelog/nagios-xi/ Release Notes ([email protected])
https://www.nagios.com/products/security/#nagios-xi Release Notes ([email protected])
https://www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relay Third Party Advisory ([email protected])