CVE-2022-38248
Published 2022-09-07
CVE-2022-38248: Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
Priority: P423 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.72% (74.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | < 5.8.7 | 5.8.7 |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv · 6.1 MEDIUM
vendor_redhat · 6.1 MEDIUM
Red Hat
nagios: multiple cross-site scripting (XSS) vulnerabilities at auditlog.php
vendor_redhat·2022-09-08·CVSS 6.1
CVE-2022-38248 [MEDIUM] CWE-79 nagios: multiple cross-site scripting (XSS) vulnerabilities at auditlog.php
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
Statement: Red Hat Gluster Storage (RHGS) 3.5 no longer supports monitoring using Nagios. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters, hence the Nagios package provided by RHGS will not be fixed.
Package: nagios (Red Hat Storage 3) - Will not fix
GHSA
GHSA-73x7-j5f8-6p22: Nagios XI before v5
ghsa_unreviewed·2022-09-08
CVE-2022-38248 [MEDIUM] CWE-79 GHSA-73x7-j5f8-6p22: Nagios XI before v5
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
OSV
CVE-2022-38248: Nagios XI before v5
osv·2022-09-07·CVSS 6.1
CVE-2022-38248 [MEDIUM] CVE-2022-38248: Nagios XI before v5
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-09-07