CVE-2022-50584 - Vulnerability Details

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nagios	Xi

No data.

References

Link	Providers
https://www.nagios.com/changelog/nagios-xi/
https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-search-and-deletion-flows

History

Fri, 31 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 31 Oct 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nagios Nagios xi
Vendors & Products		Nagios Nagios xi

Thu, 30 Oct 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Title		Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows
Weaknesses		CWE-79
References		https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-search-and-deletion-flows
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-10-30T21:36:08.674Z

Updated: 2025-10-31T14:20:17.635Z

Reserved: 2025-10-29T20:12:38.915Z

Link: CVE-2022-50584

Vulnrichment

Updated: 2025-10-31T14:20:14.786Z

NVD

Status : Received

Published: 2025-10-30T22:15:41.790

Modified: 2025-10-30T22:15:41.790

Link: CVE-2022-50584

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object