Vulnerability Summary: Reflected Cross-Site Scripting (XSS) in Nagios Fusion versions < 4.2.0

Severity: Medium
Date: October 30, 2025
Affected Versions: Nagios Fusion < 4.2.0
CVE: CVE-2023-53689
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS)
CVSS Score: 6
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

References:
- Nagios Fusion Disclosures
- Nagios Fusion Changelog

Credit: Tisha Manandhar

Description:
Reflected XSS exists in Nagios Fusion versions prior to 4.2.0 within the license key configuration flow. This can lead to the execution of attacker-controlled script in a user's browser if they access a crafted URL. Although the application server itself is not corrupted, the compromised browser can lead to credential/session theft and unauthorized administrative actions.