Multiple Cross-Site Scripting Vulnerabilities in Nagios XI by Nagios
CVE-2022-38248

6.1MEDIUM

Key Information:

Vendor: Nagios
Status: Nagios Xi
Vendor: CVE Published:; 7 September 2022

What is CVE-2022-38248?

Multiple cross-site scripting vulnerabilities were found in Nagios XI, specifically in the auditlog.php file. These vulnerabilities could allow attackers to inject malicious scripts into the web application, posing risks to users interacting with the affected interface. Promptly updating to Nagios XI version 5.8.7 or later is crucial to mitigate potential security threats.

References

https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 7, 2022
Vulnerability Reserved
Aug 15, 2022