Vulnerabilities > Nagios > Nagios XI > 5.5.11

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-27989 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-27988 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-28648 Improper Input Validation vulnerability in Nagios XI
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
network
low complexity
nagios CWE-20
8.8
8.8
2020-09-09 CVE-2020-15903 Unspecified vulnerability in Nagios XI
An issue was found in Nagios XI before 5.7.3.
network
low complexity
nagios
critical
 9.8
9.8
2020-07-22 CVE-2020-15902 Cross-site Scripting vulnerability in Nagios XI
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
network
low complexity
nagios CWE-79
6.1
6.1
2020-07-22 CVE-2020-15901 Unspecified vulnerability in Nagios XI
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
network
low complexity
nagios
8.8
8.8
2019-09-05 CVE-2019-15949 OS Command Injection vulnerability in Nagios XI
Nagios XI before 5.6.6 allows remote command execution as root.
network
low complexity
nagios CWE-78
8.8
8.8