CVE-2022-50587

5.4 MEDIUM

📋 TL;DR

Nagios XI versions before 5.8.9 contain a stored cross-site scripting vulnerability in the Apply Configuration error text. Attackers can inject malicious scripts that execute in victims' browsers when viewing configuration errors. This affects all Nagios XI administrators and users who access the monitoring interface.

💻 Affected Systems

Products:
  • Nagios XI
Versions: All versions prior to 5.8.9
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have access to create or modify configuration with malicious payload.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, or redirect users to malicious sites, potentially leading to full system compromise.

🟠 Likely Case

Session hijacking of Nagios administrators, credential theft, or defacement of the monitoring interface.

🟢 If Mitigated

With a strict content security policy and input validation in place, impact is limited to script execution in the browser context.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to inject payload into configuration error text.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.9

Vendor Advisory: https://www.nagios.com/changelog/nagios-xi/

Restart Required: No

Instructions:

1. Back up the current configuration.
2. Download Nagios XI 5.8.9 or later.
3. Follow the upgrade instructions from the Nagios documentation.
4. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Input Validation Enhancement (applies to: all)

Implement additional input validation for configuration error text fields

Content Security Policy (applies to: all)

Implement strict CSP headers to limit script execution

🧯 If You Can't Patch

  • Restrict access to Nagios XI interface to trusted users only
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check Nagios XI version via Admin > System Config > About page

Check Version:

cat /usr/local/nagiosxi/var/xiversion

Verify Fix Applied:

Verify version is 5.8.9 or later and test configuration error handling

📡 Detection & Monitoring

Log Indicators:

  • Unusual configuration error messages with script tags
  • Multiple failed configuration apply attempts

Network Indicators:

  • HTTP requests with script payloads in configuration parameters

SIEM Query:

source="nagios" AND ("script" OR "javascript" OR "onerror") AND "applyconfig"
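The two checks above (the xiversion comparison and the SIEM query) as runnable defender-side logic; this is an added example, not tooling from the advisory or from Nagios. It assumes an Apache combined-format access log, uses constructed sample lines, and takes the request path `/nagiosxi/admin/applyconfig.php` as an assumption based on the "applyconfig" token in the SIEM query. It URL-decodes the query string before matching, so a bare substring match on "script" (which also hits words like "description") is replaced by indicator patterns applied to the decoded payload.

```python
import re
from urllib.parse import unquote

FIXED_VERSION = (5, 8, 9)  # first release carrying the fix, per the advisory

def is_vulnerable(version: str) -> bool:
    """Compare numerically against 5.8.9; a string comparison would rank "5.10.0" below "5.8.9"."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED_VERSION

# Case-insensitive script-injection indicators, checked on the URL-decoded query string.
XSS_PATTERN = re.compile(r"<\s*script|javascript\s*:|on[a-z]+\s*=", re.I)
# Apache combined-format request line: client IP, method and request target.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

def fully_decode(value: str, rounds: int = 3) -> str:
    """Strip up to `rounds` layers of percent-encoding so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_access_log(lines):
    """Return (client_ip, method, matched_indicator) for apply-config requests carrying script payloads."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, method, target = m.groups()
        path, _, query = target.partition("?")
        if "applyconfig" not in path.lower():  # endpoint name assumed from the advisory's SIEM query
            continue
        found = XSS_PATTERN.search(fully_decode(query))
        if found:
            hits.append((ip, method, found.group(0)))
    return hits

# Constructed sample log lines (not real Nagios XI traffic); the request path is an assumption.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "GET /nagiosxi/admin/applyconfig.php?view=description HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Mar/2024:10:00:09 +0000] "GET /nagiosxi/admin/applyconfig.php?error=%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Mar/2024:10:00:20 +0000] "GET /nagiosxi/admin/applyconfig.php?error=%253Cimg%2520src%3Dx%2520onerror%3Dprobe%253E HTTP/1.1" 200 790 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("5.8.8 vulnerable:", is_vulnerable("5.8.8"), "| 5.10.0 vulnerable:", is_vulnerable("5.10.0"))
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious apply-config request:", hit)
```

The first sample line is not flagged even though it contains the substring "script", while the double-encoded third line is caught only because the query is decoded before matching.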
