Vulnerabilities > Nagios > Nagios XI > 5.5.6

DATE CVE VULNERABILITY TITLE RISK
2019-03-28 CVE-2019-9164 Cross-site Scripting vulnerability in Nagios XI
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
network
low complexity
nagios CWE-79
8.8
8.8
2018-12-17 CVE-2018-20172 Cross-site Scripting vulnerability in Nagios XI
An issue was discovered in Nagios XI before 5.5.8.
network
low complexity
nagios CWE-79
6.1
6.1
2018-12-17 CVE-2018-20171 Cross-site Scripting vulnerability in Nagios XI
An issue was discovered in Nagios XI before 5.5.8.
network
low complexity
nagios CWE-79
6.1
6.1
2018-11-14 CVE-2018-15714 Cross-site Scripting vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
network
low complexity
nagios CWE-79
6.1
6.1
2018-11-14 CVE-2018-15713 Cross-site Scripting vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
network
low complexity
nagios CWE-79
5.4
5.4
2018-11-14 CVE-2018-15712 Cross-site Scripting vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
network
low complexity
nagios CWE-79
6.1
6.1
2018-11-14 CVE-2018-15711 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users.
network
low complexity
nagios CWE-78
8.8
8.8
2018-11-14 CVE-2018-15710 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
local
low complexity
nagios CWE-78
7.8
7.8
2018-11-14 CVE-2018-15709 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
network
low complexity
nagios CWE-78
8.8
8.8
2018-11-14 CVE-2018-15708 Unspecified vulnerability in Nagios XI 5.5.6
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
network
low complexity
nagios
critical
 9.8
9.8