LiveActive security incident?Get immediate response
CVE Record

CVE-2023-40932: A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attac...

A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

Nagios XI versions 5.11.1 and below are reported vulnerable to authenticated stored XSS through the custom logo alt-text field. Because the injected content appears in the navbar, including the login page, a compromised or low-trust admin user could potentially capture plaintext credentials.

Executive priority

Prioritize remediation for shared, internet-facing, or high-trust monitoring systems. This is not reported as actively exploited, but credential exposure from a monitoring login page can create broader operational risk.

Technical view

The issue is an authenticated XSS in Nagios XI custom logo handling. An attacker with access to that component can place JavaScript or HTML in the alt-text field, and affected pages rendering the navbar may execute or display it. The bundle provides no CVSS, CWE, CPE, or confirmed fixed version.

Likely exposure

Exposure is likely limited to Nagios XI deployments at version 5.11.1 or earlier where authenticated users can manage the custom logo component.

Exploitation context

The source bundle does not claim active exploitation, and the CVE is not listed as KEV. The concerning impact is credential theft because the affected navbar appears on the login page.

Researcher notes

Evidence is useful but incomplete. The CVE description names Nagios XI 5.11.1 and below, but the structured affected data is placeholder and no CVSS, CWE, CPE, or explicit patch version is provided in the bundle.

Mitigation direction

  • Identify Nagios XI instances and confirm whether they run version 5.11.1 or below.
  • Restrict custom logo component access to highly trusted administrators only.
  • Check Nagios vendor security guidance for the fixed or recommended upgrade release.
  • Review custom logo alt text for unexpected HTML or script-like content.
  • Rotate credentials if suspicious navbar or login-page content is found.

Validation and detection

  • Inventory Nagios XI versions across production, staging, and externally reachable systems.
  • Review role permissions for users who can modify custom logo settings.
  • Inspect current custom logo alt-text values for unauthorized markup.
  • Check web logs and admin audit records for recent custom logo changes.
  • Confirm remediation against Nagios guidance after applying updates or configuration changes.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-40932 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
3Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.