Vulnerability-Lookup

CVE-2023-40932 (GCVE-0-2023-40932)

Vulnerability from cvelistv5 – Published: 2023-09-19 00:00 – Updated: 2024-09-24 20:39

Summary

A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Assigner

mitre

References

3 references

URL	Tags
http://nagios.com
https://www.nagios.com/products/security/
https://outpost24.com/blog/nagios-xi-vulnerabilities/

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://nagios.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nagios.com/products/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T20:39:09.574785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:39:19.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-19T22:28:43.238Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://nagios.com"
        },
        {
          "url": "https://www.nagios.com/products/security/"
        },
        {
          "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-40932",
    "datePublished": "2023-09-19T00:00:00.000Z",
    "dateReserved": "2023-08-22T00:00:00.000Z",
    "dateUpdated": "2024-09-24T20:39:19.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-40932",
      "date": "2026-06-10",
      "epss": "0.02638",
      "percentile": "0.86035"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.11.2\", \"matchCriteriaId\": \"9DDB8315-F31F-4D8D-B78D-586732BDC727\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de A Cross-Site scripting (XSS) en Nagios XI versi\\u00f3n 5.11.1 y anteriores permite a atacantes autenticados con acceso al componente del logotipo personalizado inyectar javascript o HTML de su elecci\\u00f3n a trav\\u00e9s del campo de texto alternativo. Esto afecta a todas las p\\u00e1ginas que contienen la barra de navegaci\\u00f3n, incluida la p\\u00e1gina de inicio de sesi\\u00f3n, lo que significa que el atacante puede robar credenciales de texto plano.\"}]",
      "id": "CVE-2023-40932",
      "lastModified": "2024-11-21T08:20:19.183",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2023-09-19T23:15:10.237",
      "references": "[{\"url\": \"http://nagios.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://outpost24.com/blog/nagios-xi-vulnerabilities/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.nagios.com/products/security/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://nagios.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://outpost24.com/blog/nagios-xi-vulnerabilities/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.nagios.com/products/security/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-40932\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-09-19T23:15:10.237\",\"lastModified\":\"2024-11-21T08:20:19.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de A Cross-Site scripting (XSS) en Nagios XI versi\u00f3n 5.11.1 y anteriores permite a atacantes autenticados con acceso al componente del logotipo personalizado inyectar javascript o HTML de su elecci\u00f3n a trav\u00e9s del campo de texto alternativo. Esto afecta a todas las p\u00e1ginas que contienen la barra de navegaci\u00f3n, incluida la p\u00e1gina de inicio de sesi\u00f3n, lo que significa que el atacante puede robar credenciales de texto plano.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.11.2\",\"matchCriteriaId\":\"9DDB8315-F31F-4D8D-B78D-586732BDC727\"}]}]}],\"references\":[{\"url\":\"http://nagios.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://outpost24.com/blog/nagios-xi-vulnerabilities/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.nagios.com/products/security/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://nagios.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://outpost24.com/blog/nagios-xi-vulnerabilities/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.nagios.com/products/security/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://nagios.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.nagios.com/products/security/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://outpost24.com/blog/nagios-xi-vulnerabilities/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T18:46:11.160Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-40932\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-24T20:39:09.574785Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-24T20:39:13.295Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"http://nagios.com\"}, {\"url\": \"https://www.nagios.com/products/security/\"}, {\"url\": \"https://outpost24.com/blog/nagios-xi-vulnerabilities/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-09-19T22:28:43.238Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-40932\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-24T20:39:19.860Z\", \"dateReserved\": \"2023-08-22T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-09-19T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2023-06150

Vulnerability from fstec - Published: 04.08.2023

Title

Уязвимость компонента Custom Logo («Пользовательский логотип») инструмента для мониторинга Nagios XI, позволяющая нарушителю проводить межсайтовые сценарные атаки

Description

Уязвимость компонента Custom Logo («Пользовательский логотип») инструмента для мониторинга Nagios XI связана с непринятием мер по защите структуры запроса SQL при обработке поля alt-text. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить межсайтовые сценарные атаки

Severity


                    
                      AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vendor

Nagios Enterprises LLC

Software Name

Nagios XI

Software Version

до 5.11.2 (Nagios XI)

Possible Mitigations

Использование рекомендаций: https://www.nagios.com/products/security/

Reference

http://nagios.com https://outpost24.com/blog/nagios-xi-vulnerabilities/ https://www.nagios.com/products/security/

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Nagios Enterprises LLC",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.11.2 (Nagios XI)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.nagios.com/products/security/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.08.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.09.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06150",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-40932",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Nagios XI",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Custom Logo (\u00ab\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u043b\u043e\u0433\u043e\u0442\u0438\u043f\u00bb) \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Nagios XI, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Custom Logo (\u00ab\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u043b\u043e\u0433\u043e\u0442\u0438\u043f\u00bb) \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 Nagios XI \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u043e\u043b\u044f alt-text. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://nagios.com \nhttps://outpost24.com/blog/nagios-xi-vulnerabilities/\nhttps://www.nagios.com/products/security/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)"
}

FKIE_CVE-2023-40932

Vulnerability from fkie_nvd - Published: 2023-09-19 23:15 - Updated: 2024-11-21 08:20

Severity

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	http://nagios.com	Product
cve@mitre.org	https://outpost24.com/blog/nagios-xi-vulnerabilities/	Third Party Advisory
cve@mitre.org	https://www.nagios.com/products/security/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://nagios.com	Product
af854a3a-2127-422b-91ae-364da2661108	https://outpost24.com/blog/nagios-xi-vulnerabilities/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.nagios.com/products/security/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	nagios	nagios_xi	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DDB8315-F31F-4D8D-B78D-586732BDC727",
              "versionEndExcluding": "5.11.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de A Cross-Site scripting (XSS) en Nagios XI versi\u00f3n 5.11.1 y anteriores permite a atacantes autenticados con acceso al componente del logotipo personalizado inyectar javascript o HTML de su elecci\u00f3n a trav\u00e9s del campo de texto alternativo. Esto afecta a todas las p\u00e1ginas que contienen la barra de navegaci\u00f3n, incluida la p\u00e1gina de inicio de sesi\u00f3n, lo que significa que el atacante puede robar credenciales de texto plano."
    }
  ],
  "id": "CVE-2023-40932",
  "lastModified": "2024-11-21T08:20:19.183",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-19T23:15:10.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://nagios.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/products/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://nagios.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.nagios.com/products/security/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-545Q-9J8X-Q2GF

Vulnerability from github – Published: 2023-09-20 00:30 – Updated: 2024-04-04 07:44

Details

Severity

5.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-40932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-19T23:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.",
  "id": "GHSA-545q-9j8x-q2gf",
  "modified": "2024-04-04T07:44:37Z",
  "published": "2023-09-20T00:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40932"
    },
    {
      "type": "WEB",
      "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "https://www.nagios.com/products/security"
    },
    {
      "type": "WEB",
      "url": "http://nagios.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-40932

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-40932

Aliases

CVE-2023-40932

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-40932",
    "id": "GSD-2023-40932"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-40932"
      ],
      "details": "A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.",
      "id": "GSD-2023-40932",
      "modified": "2023-12-13T01:20:43.876148Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-40932",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://nagios.com",
            "refsource": "MISC",
            "url": "http://nagios.com"
          },
          {
            "name": "https://www.nagios.com/products/security/",
            "refsource": "MISC",
            "url": "https://www.nagios.com/products/security/"
          },
          {
            "name": "https://outpost24.com/blog/nagios-xi-vulnerabilities/",
            "refsource": "MISC",
            "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.11.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2023-40932"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://outpost24.com/blog/nagios-xi-vulnerabilities/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/"
            },
            {
              "name": "http://nagios.com",
              "refsource": "MISC",
              "tags": [
                "Product"
              ],
              "url": "http://nagios.com"
            },
            {
              "name": "https://www.nagios.com/products/security/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.nagios.com/products/security/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-09-22T01:13Z",
      "publishedDate": "2023-09-19T23:15Z"
    }
  }
}

WID-SEC-W-2023-2308

Vulnerability from csaf_certbund - Published: 2023-09-11 22:00 - Updated: 2023-09-11 22:00

Summary

Nagios Enterprises Nagios XI: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Nagios XI ist eine auf der open-source Software Nagios basierende, aber um proprietäre Komponenten erweiterte kommerzielle Version, die eine Überwachung komplexer IT-Strukturen ermöglicht.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Nagios Enterprises Nagios XI ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten oder um Daten zu manipulieren.

Betroffene Betriebssysteme: - UNIX - Linux

CVE-2023-40934

Es bestehen mehrere Schwachstellen in Nagios Enterprises Nagios XI. Diese Fehler bestehen in der Konfigurationsschnittstelle des Accouchement-Banners und in den Seiten CCM Host und Service Escalation aufgrund eines SQL-Injection-Problems. Ein Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.

CVE-2023-40933

CVE-2023-40931

CVE-2023-40932

In Nagios Enterprises Nagios XI existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in Custom Logo component nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.nagios.com/downloads/nagios-xi/change-log/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Nagios XI ist eine auf der open-source Software Nagios basierende, aber um propriet\u00e4re Komponenten erweiterte kommerzielle Version, die eine \u00dcberwachung komplexer IT-Strukturen erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Nagios Enterprises Nagios XI ausnutzen, um einen Cross-Site-Scripting-Angriff zu starten oder um Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2308 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2308.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2308 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2308"
      },
      {
        "category": "external",
        "summary": "Nagiox XI Changelog vom 2023-09-11",
        "url": "https://www.nagios.com/downloads/nagios-xi/change-log/"
      }
    ],
    "source_lang": "en-US",
    "title": "Nagios Enterprises Nagios XI: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-11T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:15.013+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2308",
      "initial_release_date": "2023-09-11T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-11T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Nagios Enterprises Nagios XI \u003c 5.11.2",
            "product": {
              "name": "Nagios Enterprises Nagios XI \u003c 5.11.2",
              "product_id": "T029780",
              "product_identification_helper": {
                "cpe": "cpe:/a:nagios:nagios_xi:5.11.2"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Nagios Enterprises"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-40934",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Nagios Enterprises Nagios XI. Diese Fehler bestehen in der Konfigurationsschnittstelle des Accouchement-Banners und in den Seiten CCM Host und Service Escalation aufgrund eines SQL-Injection-Problems. Ein Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-40934"
    },
    {
      "cve": "CVE-2023-40933",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Nagios Enterprises Nagios XI. Diese Fehler bestehen in der Konfigurationsschnittstelle des Accouchement-Banners und in den Seiten CCM Host und Service Escalation aufgrund eines SQL-Injection-Problems. Ein Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-40933"
    },
    {
      "cve": "CVE-2023-40931",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Nagios Enterprises Nagios XI. Diese Fehler bestehen in der Konfigurationsschnittstelle des Accouchement-Banners und in den Seiten CCM Host und Service Escalation aufgrund eines SQL-Injection-Problems. Ein Angreifer kann diese Schwachstellen ausnutzen, um Daten zu manipulieren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-40931"
    },
    {
      "cve": "CVE-2023-40932",
      "notes": [
        {
          "category": "description",
          "text": "In Nagios Enterprises Nagios XI existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in Custom Logo component nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2023-09-11T22:00:00.000+00:00",
      "title": "CVE-2023-40932"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-40932 (GCVE-0-2023-40932)

BDU:2023-06150

FKIE_CVE-2023-40932

GHSA-545Q-9J8X-Q2GF

GSD-2023-40932

WID-SEC-W-2023-2308

Tags

Sightings

Nomenclature