{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-07T21:14:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38249", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7", "refsource": "MISC", "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.959Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38249", "datePublished": "2022-09-07T21:14:39", "dateReserved": "2022-08-15T00:00:00", "dateUpdated": "2024-08-03T10:45:52.959Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nagios:nagios_xi:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "9CDD4169-6B36-41E2-B9D5-2D56FE3ADCDF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4."}, {"lang": "es", "value": "Se ha detectado que Nagios XI versi\u00f3n v5.8.6, contiene una vulnerabilidad de tipo cross-site scripting (XSS) por medio del componente MTR en versi\u00f3n 1.0.4"}], "id": "CVE-2022-38249", "lastModified": "2022-09-09T15:22:59.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-07T22:15:08.817", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.nagios.com/downloads/nagios-xi/change-log/#5.8.7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nagios: cross-site scripting (XSS) vulnerability via the MTR component", "id": "2135644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135644"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4."], "name": "CVE-2022-38249", "package_state": [{"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Will not fix", "package_name": "nagios", "product_name": "Red Hat Storage 3"}], "public_date": "2022-09-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-38249\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38249"], "statement": "Red Hat Gluster Storage (RHGS) 3.5 no longer supports monitoring using Nagios. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters, hence the Nagios package provided by RHGS will not be fixed.", "threat_severity": "Moderate"}