PT-2022-19511 · Nagios Xi · Nagios Xi
Published
2022-06-29
·
Updated
2023-08-08
·
CVE-2022-29269
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Nagios XI versions 5.8.5 and earlier
Description
The issue allows an authenticated attacker to inject HTML tags in the schedule report function, leading to the reformatting or editing of emails from an official email address.
Recommendations
For Nagios XI versions 5.8.5 and earlier, consider disabling the schedule report function until a patch is available to prevent HTML tag injection.
Restrict access to the schedule report function to minimize the risk of exploitation.
Avoid using the schedule report function in Nagios XI until the issue is resolved.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nagios Xi