CVE-2023-53690

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-53690

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53690.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-53690

Published

2025-10-30T22:15:42.780Z

Modified

2026-03-15T14:48:31.858155Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add authentication servers via LDAP/AD integration could persist a malicious payload that executes in the context of other users' browsers.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53690.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "4.2.0"
            }
        ]
    }
]