Vulnerabilities > Nagios > Fusion > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-28903 | Cross-site Scripting vulnerability in Nagios Fusion Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. | 4.3 |
| 2021-05-24 | CVE-2020-28905 | Code Injection vulnerability in Nagios Fusion Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. | 6.5 |
| 2021-05-24 | CVE-2020-28911 | Insecure Storage of Sensitive Information vulnerability in Nagios Fusion Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | 4.0 |
| 2018-06-16 | CVE-2018-12501 | Cross-site Scripting vulnerability in Nagios Fusion Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | 4.3 |