CVE-2022-50942

5.4 MEDIUM

📋 TL;DR

CVE-2022-50942 is a client-side cross-site scripting vulnerability in Icinga Web 2.8.2 that allows attackers to inject malicious scripts through the icinga.min.js file. This can lead to session hijacking and phishing attacks when users interact with the compromised web interface. Organizations running Icinga Web 2.8.2 are affected.

💻 Affected Systems

Products:
  • Icinga Web 2
Versions: 2.8.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of Icinga Web 2.8.2 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers hijack administrator sessions, gain full control of the monitoring system, steal credentials, and pivot to internal networks.

🟠 Likely Case: Attackers steal user sessions, perform phishing attacks, and manipulate monitoring data/alerts.

🟢 If Mitigated: Limited impact due to proper input validation, CSP headers, and session security controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.3

Vendor Advisory: https://icinga.com/blog/2022/10/24/icinga-web-2-8-3-released/

Restart Required: Yes

Instructions:

1. Back up the current installation.
2. Download Icinga Web 2.8.3 from the official repository.
3. Replace the existing installation with the patched version.
4. Restart the web server service.

🔧 Temporary Workarounds

Implement Content Security Policy (applies to: all)

  • Add CSP headers to restrict script execution sources.
  • Add to the web server config: Content-Security-Policy: script-src 'self'
    (note that 'self' also blocks inline scripts, so test the interface after enabling it)

Input Validation Filter (applies to: all)

  • Add input sanitization for EventListener parameters.
  • Implement JavaScript input validation before EventListener.handleEvent calls.

🧯 If You Can't Patch

  • Restrict access to Icinga Web interface using network ACLs/firewall rules
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check Icinga Web version via web interface or configuration files

Check Version:

grep version /usr/share/icingaweb2/application/config/version.ini

Verify Fix Applied:

Verify that the version is 2.8.3 or later and that known XSS payloads no longer execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript execution patterns
  • Suspicious EventListener calls in browser logs

Network Indicators:

  • Malicious script injections in HTTP requests to icinga.min.js

SIEM Query:

source="web_access_logs" AND uri="*icinga.min.js*" AND (content="<script>" OR content="javascript:")
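The SIEM query above, applied offline to access-log lines as an added example (not the advisory's or Icinga's own code); it assumes combined-format web access logs and uses constructed sample lines:

```python
# Added example: the advisory's SIEM query expressed as a log filter over
# combined-format web access log lines. Sample lines are constructed for
# illustration; addresses and payload strings are placeholders.
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD uri PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# The same indicators the SIEM query looks for, checked after URL-decoding
# so that percent-encoded variants are not missed.
INDICATORS = ("<script>", "javascript:")

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(entry):
    """True when the request targets icinga.min.js and the decoded URI or
    Referer carries one of the XSS indicators."""
    uri = entry["uri"]
    if "icinga.min.js" not in uri:
        return False
    fields = (unquote(uri).lower(), unquote(entry["referer"]).lower())
    return any(ind in f for f in fields for ind in INDICATORS)

def flag_suspicious(lines):
    """Return (host, uri) for every parsable line that matches the detection."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits.append((entry["host"], entry["uri"]))
    return hits

# Constructed sample log lines (placeholder hosts and payloads).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Nov/2022:12:00:01 +0000] "GET /icingaweb2/js/icinga.min.js HTTP/1.1" 200 1234 "https://monitor.example/" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Nov/2022:12:00:02 +0000] "GET /icingaweb2/js/icinga.min.js?x=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Nov/2022:12:00:03 +0000] "GET /icingaweb2/dashboard?u=javascript:alert(1) HTTP/1.1" 200 555 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, uri in flag_suspicious(SAMPLE_LOG):
        print(f"suspicious request from {host}: {uri}")
```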
