CVE-2021-47692 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of https://www.cve.org/CVERecord?id=CVE-2021-33179 .

Published: 2025-10-30

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

Vendor	Product	Confidence	Versions
Nagios	Xi	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

No reference.

History

Fri, 31 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-79
References	https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-lock-page-functionality
Metrics	cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Fri, 31 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description	The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of https://www.cve.org/CVERecord?id=CVE-2021-33179 .
Title	Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
Metrics	cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`	cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Fri, 31 Oct 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nagios Nagios xi
Vendors & Products		Nagios Nagios xi

Thu, 30 Oct 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Title		Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
Weaknesses		CWE-79
References		https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-lock-page-functionality
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

Subscriptions

Nagios Xi

MITRE

Status: REJECTED

Assigner: VulnCheck

Published: 2025-10-30T21:34:27.631Z

Updated: 2025-10-31T13:48:07.570Z

Reserved: 2025-10-29T19:30:49.132Z

Link: CVE-2021-47692

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-10-30T22:15:40.533

Modified: 2025-10-31T14:16:10.133

Link: CVE-2021-47692

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-10-31T10:13:21Z

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object