Detections
Analytics

CVE-2022-50942

medium

Description

Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.

References

https://www.vulnerability-lab.com/get_content.php?id=2273

https://www.vulncheck.com/advisories/inciga-web-client-side-cross-site-scripting-via-eventlistener

https://icinga.com/

https://github.com/Icinga/icingaweb2

Details

Source: Mitre, NVD

Published: 2026-02-01

Updated: 2026-02-01

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Severity: Medium