UBUNTU-CVE-2022-50942
- Source
- https://ubuntu.com/security/CVE-2022-50942
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-50942.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-50942
- Upstream
- Published
- 2026-02-01T13:15:00Z
- Modified
- 2026-02-04T19:18:39.092920Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
- References
-
- https://ubuntu.com/security/CVE-2022-50942
- https://www.cve.org/CVERecord?id=CVE-2022-50942
- https://www.vulnerability-lab.com/get_content.php?id=2273
- https://github.com/Icinga/icingaweb2
- https://icinga.com/
- https://www.vulncheck.com/advisories/inciga-web-client-side-cross-site-scripting-via-eventlistener
Affected packages
Ubuntu:16.04:LTS
icingaweb2
Package
- Name
- icingaweb2
- Purl
- pkg:deb/ubuntu/icingaweb2@2.1.0-1ubuntu1.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS
icingaweb2
Package
- Name
- icingaweb2
- Purl
- pkg:deb/ubuntu/icingaweb2@2.4.1-1ubuntu0.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.1-1ubuntu0.1",
"binary_name": "icingacli"
},
{
"binary_version": "2.4.1-1ubuntu0.1",
"binary_name": "icingaweb2"
},
{
"binary_version": "2.4.1-1ubuntu0.1",
"binary_name": "icingaweb2-common"
},
{
"binary_version": "2.4.1-1ubuntu0.1",
"binary_name": "icingaweb2-module-monitoring"
},
{
"binary_version": "2.4.1-1ubuntu0.1",
"binary_name": "php-icinga"
}
]
}Ubuntu:20.04:LTS
icingaweb2
Package
- Name
- icingaweb2
- Purl
- pkg:deb/ubuntu/icingaweb2@2.7.3-1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.7.3-1",
"binary_name": "icingacli"
},
{
"binary_version": "2.7.3-1",
"binary_name": "icingaweb2"
},
{
"binary_version": "2.7.3-1",
"binary_name": "icingaweb2-common"
},
{
"binary_version": "2.7.3-1",
"binary_name": "icingaweb2-module-monitoring"
},
{
"binary_version": "2.7.3-1",
"binary_name": "php-icinga"
}
]
}Ubuntu:22.04:LTS
icingaweb2
Package
- Name
- icingaweb2
- Purl
- pkg:deb/ubuntu/icingaweb2@2.9.5-1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.9.5-1",
"binary_name": "icingacli"
},
{
"binary_version": "2.9.5-1",
"binary_name": "icingaweb2"
},
{
"binary_version": "2.9.5-1",
"binary_name": "icingaweb2-common"
},
{
"binary_version": "2.9.5-1",
"binary_name": "icingaweb2-module-monitoring"
},
{
"binary_version": "2.9.5-1",
"binary_name": "php-icinga"
}
]
}Ubuntu:24.04:LTS
icingaweb2
Package
- Name
- icingaweb2
- Purl
- pkg:deb/ubuntu/icingaweb2@2.12.1-1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.12.1-1",
"binary_name": "icingacli"
},
{
"binary_version": "2.12.1-1",
"binary_name": "icingaweb2"
},
{
"binary_version": "2.12.1-1",
"binary_name": "icingaweb2-common"
},
{
"binary_version": "2.12.1-1",
"binary_name": "icingaweb2-module-monitoring"
},
{
"binary_version": "2.12.1-1",
"binary_name": "php-icinga"
}
]
}Ubuntu:25.10
icingaweb2
Package
- Name
- icingaweb2
- Purl
- pkg:deb/ubuntu/icingaweb2@2.12.4-2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.12.4-2",
"binary_name": "icingacli"
},
{
"binary_version": "2.12.4-2",
"binary_name": "icingaweb2"
},
{
"binary_version": "2.12.4-2",
"binary_name": "icingaweb2-common"
},
{
"binary_version": "2.12.4-2",
"binary_name": "icingaweb2-module-monitoring"
},
{
"binary_version": "2.12.4-2",
"binary_name": "php-icinga"
}
]
}