Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-51072
CVE-2023-51072:
Nagios XI vulnerability analysis and mitigation
Overview
A stored cross-site scripting (XSS) vulnerability exists in the NOC component of Nagios XI version up to and including 2024R1. The vulnerability was discovered and disclosed on December 18, 2023, affecting the Operation Center section of the application (NVD, CVE).
Technical details
The vulnerability allows low-privileged users to execute malicious HTML or JavaScript code through the audio file upload functionality in the Operation Center section. The CVSS v3.1 base score is 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).
Impact
When exploited, this vulnerability enables any authenticated user to execute arbitrary JavaScript code on behalf of other users, including administrators. This could potentially lead to unauthorized access, data theft, or further system compromise through administrator account manipulation (NVD).
Mitigation and workarounds
Users should upgrade to a version newer than Nagios XI 2024R1. The vulnerability has been addressed in subsequent releases (Vendor Advisory).
Additional resources
Source: This report was generated using AI
Related Nagios XI vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management