{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-07T21:14:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38251", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7", "refsource": "MISC", "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.983Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38251", "datePublished": "2022-09-07T21:14:38", "dateReserved": "2022-08-15T00:00:00", "dateUpdated": "2024-08-03T10:45:52.983Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios_xi:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "9CDD4169-6B36-41E2-B9D5-2D56FE3ADCDF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel."}, {"lang": "es", "value": "Se ha detectado que Nagios XI versi\u00f3n v5.8.6, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio de la p\u00e1gina de configuraci\u00f3n del rendimiento del sistema en el panel de administraci\u00f3n"}], "id": "CVE-2022-38251", "lastModified": "2024-11-21T07:16:07.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-07T22:15:08.900", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nagios: cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel", "id": "2135658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135658"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel."], "name": "CVE-2022-38251", "package_state": [{"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Storage 3"}], "public_date": "2022-09-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-38251\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38251"], "statement": "Red Hat Gluster Storage (RHGS) 3.5 no longer supports monitoring using Nagios. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters, hence the Nagios package provided by RHGS will not be fixed.", "threat_severity": "Moderate"}