CVE-2022-29269

Опубликовано: 29 июн. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.

Ссылки

https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://github.com/4LPH4-NL/CVEs
Third Party Advisory
https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
Third Party Advisory
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory
https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT
Release Notes
Vendor Advisory
https://github.com/4LPH4-NL/CVEs
Third Party Advisory
https://github.com/sT0wn-nl/CVEs/blob/master/README.md#nagios-xi
Third Party Advisory
https://www.nagios.com/downloads/nagios-xi/change-log/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*

Версия до 5.8.5 (включая)

EPSS

Процентиль: 90%

0.05094

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rf44-grr9-2cf3