CVE-2023-7313
Published 2025-10-30
Priority: P4 · 27 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.44% (35.2th percentile)
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| nagios | nagios_xi | < 5.11.3 | 5.11.3 |
| nagios | xi | < 5.11.3 | 5.11.3 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_apache | — | 6.5 | — | — |
GHSA
GHSA-8x6f-f882-qfh8: Nagios XI versions prior to 5
ghsa_unreviewed·2025-10-31
CVE-2023-7313 [MEDIUM] CWE-79 GHSA-8x6f-f882-qfh8: Nagios XI versions prior to 5
Apache
Apache nifi: CVE-2023-34212
vendor_apache·CVSS 6.5
CVE-2023-34212 Apache nifi: CVE-2023-34212
Title: Potential Deserialization of Untrusted Data with JNDI in JMS Components
Published: 2023-06-12
Severity: Medium
Products: Apache NiFi
Affected Versions: 1.8.0 to 1.21.0
Fixed Versions: 1.22.0
Reporter: Veraxy00 of Qianxin TI Center and Matei 'Mal' Badanoiu
References
CVE Record: CVE-2023-34212
NVD Record: CVE-2023-34212
Apache Jira Issue: NIFI-11614
GitHub Pull Request: 7313
The JndiJmsConnectionFactoryProvider Controller Service along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-30: Published