This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of  https://www.cve.org/CVERecord?id=CVE-2021-33179 .

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Nagios
  • Xi

No data.

No data.

References

No reference.

History

Fri, 31 Oct 2025 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Fri, 31 Oct 2025 14:00:00 +0000

Type Values Removed Values Added
Description The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of  https://www.cve.org/CVERecord?id=CVE-2021-33179 .
Title Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

 cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Fri, 31 Oct 2025 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Nagios
Nagios xi
Vendors & Products Nagios
Nagios xi

Thu, 30 Oct 2025 21:45:00 +0000

Type Values Removed Values Added
Description The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Title Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}
cve-icon MITRE

Status: REJECTED

Assigner: VulnCheck

Published: 2025-10-30T21:34:27.631Z

Updated: 2025-10-31T13:48:07.570Z

Reserved: 2025-10-29T19:30:49.132Z

Link: CVE-2021-47692

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Rejected

Published: 2025-10-30T22:15:40.533

Modified: 2025-10-31T14:16:10.133

Link: CVE-2021-47692

cve-icon Redhat

No data.