Vulnerabilities > Nagios > Nagios XI > 5.5.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-15712 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | 4.3 |
| 2018-11-14 | CVE-2018-15711 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. | 6.5 |
| 2018-11-14 | CVE-2018-15710 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | 7.2 |
| 2018-11-14 | CVE-2018-15709 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | 6.5 |
| 2018-11-14 | CVE-2018-15708 | Unspecified vulnerability in Nagios XI 5.5.6 Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | 7.5 |
| 2013-11-26 | CVE-2013-6875 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | 7.5 |