CVE-2025-56432

{"id": "CVE-2025-56432", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-08-26T16:15:37.590", "references": [{"url": "http://nagios.com", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.nagios.com/changelog/", "tags": ["Release Notes"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting (XSS) en Nagios XI 2024R2. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario en la sesi\u00f3n de un usuario conectado mediante una URL especialmente manipulada. El problema reside en un componente web responsable de renderizar datos relacionados con el rendimiento."}], "lastModified": "2025-09-09T18:56:36.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios_xi:2024:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB1C8BD9-B45A-42EA-9381-7E1E913BAE77"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}