CVE-2024-47090: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-47090 is a Cross-Site Scripting (XSS) vulnerability discovered in NagVis versions before 1.9.47. The vulnerability was published on May 27, 2025, and affects the NagVis visualization addon for the Nagios network management system. The issue was identified and reported by Checkmk GmbH, who assigned it a CVSS 4.0 Base Score of 5.1 (Medium) (Wiz, NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS 4.0 vector string of CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. The security flaw specifically relates to the WYSIWYG editor functionality, where input was not properly sanitized, potentially allowing for cross-site scripting attacks (NVD, Wiz).

The vulnerability could allow attackers to execute cross-site scripting attacks through the WYSIWYG editor functionality. The impact is considered medium severity, with potential for limited confidentiality and integrity breaches (Wiz).

The vulnerability has been patched in NagVis version 1.9.47. The fix includes moving the option to edit these elements to a specific permission, and by default, only administrators can use the WYSIWYG editor. Users are advised to upgrade to version 1.9.47 or later to address this security issue (NagVis Changelog, Wiz).