CVE-2024-47093

8.8 HIGH

📋 TL;DR

CVE-2024-47093 is a cross-site scripting (XSS) vulnerability in Nagvis versions before 1.9.42 due to improper input sanitization. Attackers can inject malicious scripts that execute in victims' browsers when they view affected Nagvis pages. This affects all Nagvis users running vulnerable versions.

💻 Affected Systems

Products:
  • Nagvis
Versions: All versions before 1.9.42
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Nagvis is typically deployed as part of Nagios monitoring infrastructure.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case

Session hijacking, credential theft, or defacement of Nagvis interface.

🟢 If Mitigated

Limited impact if proper web application firewalls, content security policies, and input validation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once the injection point is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.42

Vendor Advisory: https://www.nagvis.org/downloads/changelog/1.9.42

Restart Required: Yes

Instructions:

1. Back up the current Nagvis configuration.
2. Download Nagvis 1.9.42 from the official site.
3. Replace the existing Nagvis installation with the new version.
4. Restart the web server (Apache/Nginx).
5. Verify functionality.

🔧 Temporary Workarounds

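Implement Content Security Policy (platform: linux)

Add CSP headers to restrict script execution sources. Because this policy also blocks inline scripts, confirm that the Nagvis interface still works after applying it.

Add to web server config (the directive below is Apache mod_headers syntax): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Restart web server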

Web Application Firewall Rules (platform: all)

Configure WAF to block XSS payloads in Nagvis requests

ModSecurity rule: SecRule ARGS "<script" "id:1001,phase:2,deny,msg:'XSS Attempt'"
Reload WAF configuration

🧯 If You Can't Patch

  • Isolate Nagvis instance behind network segmentation
  • Implement strict input validation at reverse proxy level

🔍 How to Verify

Check if Vulnerable:

Check Nagvis version in web interface footer or configuration files

Check Version:

grep '\$version' /usr/local/nagvis/share/nagvis/includes/defines/global.php | head -1

Verify Fix Applied:

Verify that the version shows 1.9.42 or higher and that test XSS payloads no longer execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET/POST parameters containing script tags or JavaScript in Nagvis access logs
  • Multiple failed login attempts followed by suspicious parameter values

Network Indicators:

  • HTTP requests to Nagvis with encoded script payloads in parameters
  • Outbound connections to unknown domains after Nagvis access

SIEM Query:

source="nagvis_access.log" AND ("<script" OR "javascript:" OR "onerror=" OR "onload=")
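
The SIEM query above matches raw log text, while the network indicators list encoded payloads. The following added example (not part of the original advisory or of the Nagvis project) percent-decodes and lowercases each query string before applying the same four markers. The combined access-log format, the request path `/nagvis/page` and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# The four markers used by the SIEM query in this advisory.
MARKERS = ("<script", "javascript:", "onerror=", "onload=")

# Request line of a combined-format access log entry (assumed log format).
# POST bodies are not present in access logs, so only query strings are checked.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

def normalize(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so %3C and %253C both become '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def scan_line(line):
    """Return the markers found in the decoded query string of one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = normalize(urlsplit(match.group(1)).query)
    return [m for m in MARKERS if m in query]

def scan_log(lines):
    """Return (line_number, markers) for every line with at least one hit."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = scan_line(line)
        if found:
            hits.append((number, found))
    return hits

# Constructed sample lines (not real traffic); path and parameter are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2024:10:00:00 +0000] "GET /nagvis/page?param=demo HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Oct/2024:10:00:05 +0000] "GET /nagvis/page?param=%3CScRiPt%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Oct/2024:10:00:09 +0000] "GET /nagvis/page?param=%253Cimg%2520src%253Dx%2520onerror%253D1%253E HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, found in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(found)}")
```

Neither flagged sample line contains any of the four markers in its raw form, so a plain substring search over the log text would miss both.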
