CVE-2021-47690

5.4 MEDIUM

📋 TL;DR

This cross-site scripting vulnerability in Nagios XI's Core Config Manager allows attackers to inject malicious scripts into overlay modals. When exploited, these scripts execute in victims' browsers, potentially stealing session cookies or performing actions as the user. Organizations running Nagios XI versions before 5.8.2 or CCM before 3.1.1 are affected.

💻 Affected Systems

Products:
  • Nagios XI
  • Nagios Core Config Manager (CCM)
Versions: Nagios XI versions prior to 5.8.2, CCM versions prior to 3.1.1
Operating Systems: All platforms running Nagios XI
Default Config Vulnerable: ⚠️ Yes
Notes: All Nagios XI installations with CCM component are vulnerable in default configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker steals administrator session cookies, gains full administrative access to Nagios XI, and potentially compromises the monitoring infrastructure and monitored systems.

🟠

Likely Case

Attacker steals user session cookies to gain unauthorized access to Nagios XI, potentially modifying monitoring configurations or accessing sensitive system information.

🟢

If Mitigated

A restrictive Content Security Policy or WAF filtering blocks the injected script, and HttpOnly session cookies keep any script that does run from reading document.cookie; impact is limited to a broken or defaced overlay modal.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction and authentication: the victim must be logged in to Nagios XI and must open the crafted link or page, and the injection point itself sits behind the CCM login. A hijacked session is only as useful as the victim's role, so administrators are the natural targets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Nagios XI 5.8.2 or CCM 3.1.1

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: No

Instructions:

1. Back up the current Nagios XI installation.
2. Download Nagios XI 5.8.2 or later from the Nagios customer portal.
3. Follow the Nagios XI upgrade documentation.
4. Verify the upgrade completed successfully and that the reported version is 5.8.2 or later.

🔧 Temporary Workarounds

Implement Content Security Policy

Applies to: all platforms

Add a Content Security Policy header so the browser only executes scripts loaded from the Nagios XI origin and refuses inline script injected into a page.

Add the header Content-Security-Policy: script-src 'self' to the web server configuration that serves Nagios XI. Caveat: this directive also blocks inline script blocks and event-handler attributes, and Nagios XI pages rely on inline JavaScript, so deploy it first as Content-Security-Policy-Report-Only, confirm the CCM pages still work, and only then enforce it.

Web Application Firewall Rules

Applies to: all platforms

Configure the WAF to inspect requests to the CCM overlay/modal endpoints and block XSS payloads (script tags, javascript: URIs, on*= event handlers) in their parameters. Match on the URL-decoded parameter values, since payloads are normally percent-encoded, and treat this as a partial control: signature rules can be bypassed and do not address the underlying missing output encoding.

🧯 If You Can't Patch

  • Restrict access to the Nagios XI web interface to trusted administrators and networks (VPN or a segmented management network) and keep it off the public internet.
  • Set the session cookie with the HttpOnly, Secure and SameSite attributes (for the PHP session cookie, session.cookie_httponly and session.cookie_secure) and use short session timeouts. HttpOnly stops an injected script from reading the cookie, but it does not stop the script from acting as the user inside the page.

🔍 How to Verify

Check if Vulnerable:

Read the installed version from Admin > System Config > About in the web UI, or on the server:

cat /usr/local/nagiosxi/var/xiversion

Any Nagios XI version below 5.8.2, or a CCM component below 3.1.1, is vulnerable.

Verify Fix Applied:

Confirm the version reported above is 5.8.2 or higher and that the bundled CCM component is 3.1.1 or later. As a functional check, enter a harmless marker such as <b>marker</b> in a CCM field that is displayed in an overlay modal and confirm it is rendered literally rather than as markup.

📡 Detection & Monitoring

Log Indicators:

  • Script tags, javascript: URIs or on*= event-handler attributes (raw or percent-encoded) in request parameters sent to the CCM overlay/modal endpoints
  • Repeated requests carrying such payloads from a single source or account; web server logs record the attempts, not whether they succeeded, so correlate with the session that was targeted

Network Indicators:

  • HTTP requests to the overlay modal endpoints whose query string or body contains script tags or JavaScript, keeping in mind that the payload is usually percent-encoded (for example %3Cscript%3E) and may be double-encoded

SIEM Query:

source="web_server_logs" AND (uri="*overlay*" OR uri="*modal*") AND (message="*<script*" OR message="*%3Cscript*" OR message="*javascript:*" OR message="*onerror=*" OR message="*onload=*")

Run the match against the URL-decoded request where the SIEM supports it; a literal "<script>" match alone misses the encoded form that attackers actually send.
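The following is an added example, not code from the original page or from Nagios: a small scanner that applies the detection logic above to Apache combined-format access logs, percent-decoding each request URI repeatedly (attackers double-encode to slip past literal matches) before looking for XSS patterns in requests to overlay/modal endpoints. The sample log lines, and the overlay.php path and parameter names inside them, are constructed for illustration and are not real Nagios XI endpoints.

```python
"""Scan web-server access logs for XSS payloads aimed at CCM overlay/modal endpoints.

Added example; not Nagios code. Assumes Apache combined-log format. The sample
lines and the overlay.php path in them are constructed for illustration.
"""
import re
from html import unescape
from urllib.parse import unquote_plus

# Constructed sample log lines (not real Nagios XI traffic). The third line
# carries a double-percent-encoded payload, which a literal "<script>" match misses.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2021:10:01:02 +0000] "GET /nagiosxi/includes/components/ccm/index.php?cmd=modify&type=host HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Jan/2021:10:02:15 +0000] "GET /nagiosxi/includes/components/ccm/overlay.php?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Jan/2021:10:02:40 +0000] "GET /nagiosxi/includes/components/ccm/overlay.php?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Jan/2021:10:03:01 +0000] "GET /nagiosxi/login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Apache combined log: client, identd, user, [timestamp], "METHOD URI PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Only requests to overlay/modal endpoints are inspected, mirroring the SIEM query above.
ENDPOINT_MARKERS = ("overlay", "modal")

# Patterns run against the fully decoded URI, so percent-encoding does not hide them.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "html_tag": re.compile(r"<\s*(img|svg|iframe|body|object|embed)\b", re.I),
}


def decode_uri(uri: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (attackers double-encode), then decode HTML entities."""
    decoded = uri
    for _ in range(max_rounds):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return unescape(decoded)


def scan_log(text: str) -> list[dict]:
    """Return one finding per request to an overlay/modal endpoint that carries an XSS pattern."""
    findings = []
    for raw in text.splitlines():
        m = LOG_RE.match(raw)
        if not m:
            continue  # not a combined-log line; skip rather than guess
        uri = m.group("uri")
        if not any(marker in uri.lower() for marker in ENDPOINT_MARKERS):
            continue
        decoded = decode_uri(uri)
        hits = [name for name, rx in XSS_PATTERNS.items() if rx.search(decoded)]
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "status": int(m.group("status")),
                "uri": uri,
                "decoded": decoded,
                "hits": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['ip']} {f['hits']} {f['decoded']}")
```

On the sample input the scanner flags the two requests from 10.0.0.7 and nothing else; the double-encoded one is caught only because decoding is repeated until the string stops changing. To widen coverage beyond the overlay/modal endpoints named on this page, extend ENDPOINT_MARKERS; to feed a SIEM, emit the findings as JSON instead of printing them.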

🔗 References
