Vulnerabilities > Nagios > Nagios XI > 5.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-28906 | Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. | 8.8 |
| 2021-05-24 | CVE-2020-28910 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | 9.8 |
| 2021-02-25 | CVE-2021-3273 | Code Injection vulnerability in Nagios XI Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. | 7.2 |
| 2021-01-26 | CVE-2021-3193 | Unspecified vulnerability in Nagios XI Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. | 9.8 |
| 2021-01-13 | CVE-2020-35578 | OS Command Injection vulnerability in Nagios XI An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. | 7.2 |
| 2020-11-16 | CVE-2020-27991 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | 5.4 |
| 2020-11-16 | CVE-2020-27990 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | 5.4 |
| 2020-11-16 | CVE-2020-27989 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | 5.4 |
| 2020-11-16 | CVE-2020-27988 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | 5.4 |
| 2020-11-16 | CVE-2020-28648 | Improper Input Validation vulnerability in Nagios XI Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | 8.8 |