Lucene search
PRIOn knowledge basePRION:CVE-2023-40932HistorySep 19, 2023 - 11:15 p.m.
Cross site scripting
2023-09-1923:15:00
PRIOn knowledge base
www.prio-n.com
13
cross-site scripting
nagios xi
version 5.11.1
vulnerability
custom logo
alt-text
html injection
javascript injection
navbar
authenticated attackers
login page
plaintext credentials
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
Related
cvelist
cvelist
CVE-2023-40932
2023-09-19 00:00:00
nvd
nvd
CVE-2023-40932
2023-09-19 23:15:10
cve
cve
CVE-2023-40932
2023-09-19 23:15:10
nessus
nessus
Nagios XI < 5.11.2 Multiple Vulnerabilities
2023-09-21 00:00:00
hivepro
hivepro
Critical Security Vulnerabilities Uncovered in Nagios XI
2023-09-25 05:14:53
thn
thn
Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
2023-09-20 12:38:00