Vulnerabilities > Nagios > Nagios XI > 5.5.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-22 | CVE-2020-15901 | Unspecified vulnerability in Nagios XI In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | 8.8 |
| 2019-09-05 | CVE-2019-15949 | OS Command Injection vulnerability in Nagios XI Nagios XI before 5.6.6 allows remote command execution as root. | 9.0 |
| 2019-07-10 | CVE-2018-17147 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.5.4 has XSS in the auto login admin management page. | 3.5 |
| 2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | 5.0 |
| 2019-06-19 | CVE-2018-17146 | Cross-site Scripting vulnerability in Nagios XI A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. | 3.5 |
| 2019-03-28 | CVE-2019-9167 | Cross-site Scripting vulnerability in Nagios XI Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 6.1 |
| 2019-03-28 | CVE-2019-9166 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | 7.8 |
| 2019-03-28 | CVE-2019-9165 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 9.8 |
| 2019-03-28 | CVE-2019-9164 | Cross-site Scripting vulnerability in Nagios XI Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | 8.8 |
| 2018-12-17 | CVE-2018-20172 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 4.3 |