This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2023-7323.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Nagios
  • Log Server

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Nagios
  • Log Server
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Mon, 10 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
CPEs cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Mon, 10 Nov 2025 19:15:00 +0000

Type Values Removed Values Added
Title Nagios Log Server < 2024R1 Stored XSS via Username
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 10 Nov 2025 19:00:00 +0000

Type Values Removed Values Added
Description Nagios Log Server versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability where an attacker-supplied username containing JavaScript is stored and later rendered without proper encoding/escaping in admin or user-facing pages. When an authenticated victim loads the affected page, the browser executes the injected script in the victim's context. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2023-7323.
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

 cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Thu, 06 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Fri, 31 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 31 Oct 2025 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Nagios
Nagios log Server
Vendors & Products Nagios
Nagios log Server

Thu, 30 Oct 2025 21:30:00 +0000

Type Values Removed Values Added
Description Nagios Log Server versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability where an attacker-supplied username containing JavaScript is stored and later rendered without proper encoding/escaping in admin or user-facing pages. When an authenticated victim loads the affected page, the browser executes the injected script in the victim's context.
Title Nagios Log Server < 2024R1 Stored XSS via Username
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}
cve-icon MITRE

Status: REJECTED

Assigner: VulnCheck

Published:

Updated: 2025-11-10T18:51:10.222Z

Reserved: 2025-10-20T19:35:53.946Z

Link: CVE-2024-58272

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-10-30T22:15:46.597

Modified: 2025-11-10T19:15:45.723

Link: CVE-2024-58272

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-31T10:13:05Z