Primary

Context

Nagios Fusion Stored Cross-Site Scripting Vulnerability in Email Settings Configuration

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Nagios Fusion versions prior to 4.2.0. This issue arises when users add or configure email settings, as unsanitized input can be saved and later displayed in the administrative interface. This allows JavaScript to execute in the browsers of users who view the affected page. An attacker with the ability to modify SMTP or sendmail configuration fields could inject a malicious payload that executes in the context of other users' browsers.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user viewing the affected page.

Remediation

Users are advised to upgrade to Nagios Fusion version 4.2.0 or higher.

Added: Oct 30, 2025, 11:13 PM

Updated: Oct 30, 2025, 11:13 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nagios Fusion Stored Cross-Site Scripting Vulnerability in Email Settings Configuration

Vulnerability

Impact

Remediation

Affected Products

Nagios Fusion

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating