CVE-2022-50942

NameCVE-2022-50942
DescriptionInciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icingaweb2 (PTS)bullseye2.8.2-2undetermined
bookworm2.11.4-2+deb12u1undetermined
trixie2.12.4-2undetermined
forky, sid2.12.6-1undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icingaweb2source(unstable)undetermined

Notes

https://www.vulnerability-lab.com/get_content.php?id=2273
check status upstream
Search for package or bug name: Reporting problems