Vulnerabilities > Nagios > Nagios XI > 2012r1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-51072 | Cross-site Scripting vulnerability in Nagios XI A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. | 5.4 |
| 2013-11-26 | CVE-2013-6875 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | 7.5 |