CVE-2022-38249
published 2022-09-07CVE-2022-38249: Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
PriorityP424medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
1.72%
74.6th percentile
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | nagios_xi | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m6r4-p392-94hc: Nagios XI v5
ghsa_unreviewed·2022-09-08
CVE-2022-38249 [MEDIUM] CWE-79 GHSA-m6r4-p392-94hc: Nagios XI v5
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
OSV
CVE-2022-38249: Nagios XI v5
osv·2022-09-07·CVSS 6.1
CVE-2022-38249 [MEDIUM] CVE-2022-38249: Nagios XI v5
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
Red Hat
nagios: cross-site scripting (XSS) vulnerability via the MTR component
vendor_redhat·2022-09-08·CVSS 6.1
CVE-2022-38249 [MEDIUM] CWE-79 nagios: cross-site scripting (XSS) vulnerability via the MTR component
nagios: cross-site scripting (XSS) vulnerability via the MTR component
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
Statement: Red Hat Gluster Storage (RHGS) 3.5 no longer supports monitoring using Nagios. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters, hence the Nagios package provided by RHGS will not be fixed.
Package: nagios (Red Hat Storage 3) - Will not fix
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-07
Published