Cross-Site Scripting Vulnerability in Nagios XI by Nagios Enterprises
CVE-2022-50588

5.1MEDIUM

Key Information:

Vendor

NagiOS

Status
Xi
Vendor
CVE Published:
30 October 2025

What is CVE-2022-50588?

Nagios XI versions before 5.8.9 are exposed to a cross-site scripting (XSS) vulnerability within the update checking feature. This flaw arises from inadequate validation or escaping of user-supplied input, which could potentially permit an attacker to inject and execute arbitrary scripts within the browser context of unsuspecting users.

Affected Version(s)

XI 0 < 5.8.9

References

https://www.nagios.com/changelog/nagios-xi/
release-notespatch
https://www.vulncheck.com/advisories/nagios-xi-stored-xss...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-50588 : Cross-Site Scripting Vulnerability in Nagios XI by Nagios Enterprises