CVE-2022-50584

MEDIUM

5.4

Descricao

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Detalhes CVE

Pontuacao CVSS v3.15.4

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioREQUIRED

Publicado10/30/2025

Ultima modificacao11/6/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

nagios:nagios_xi

Fraquezas (CWE)

CWE-79

Referencias

https://www.nagios.com/changelog/nagios-xi/(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-search-and-deletion-flows(disclosure@vulncheck.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.