CVE-2021-47692 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of https://www.cve.org/CVERecord?id=CVE-2021-33179 .

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Nagios Subscribe	Xi Subscribe

Project Subscriptions

Vendors	Products
Nagios Subscribe	Xi Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Fri, 31 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-79
References	https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-lock-page-functionality
Metrics	cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Fri, 31 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description	The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of https://www.cve.org/CVERecord?id=CVE-2021-33179 .
Title	Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
Metrics	cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`	cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Fri, 31 Oct 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nagios Nagios xi
Vendors & Products		Nagios Nagios xi

Thu, 30 Oct 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Title		Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
Weaknesses		CWE-79
References		https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-ccm-xss-via-lock-page-functionality
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: VulnCheck

Published: 2025-10-30T21:34:27.631Z

Updated: 2025-10-31T13:48:07.570Z

Reserved: 2025-10-29T19:30:49.132Z

Link: CVE-2021-47692

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-10-30T22:15:40.533

Modified: 2025-10-31T14:16:10.133

Link: CVE-2021-47692

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-10-31T10:13:21Z

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object