Vulnerabilities > Nagios > Nagios XI > 5.5.7

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2023-51072 Cross-site Scripting vulnerability in Nagios XI
A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section.
network
low complexity
nagios CWE-79
5.4
2023-12-14 CVE-2023-48084 SQL Injection vulnerability in Nagios XI
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
network
low complexity
nagios CWE-89
critical
9.8
2023-12-14 CVE-2023-48085 Unspecified vulnerability in Nagios XI
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
network
low complexity
nagios
critical
9.8
2023-09-19 CVE-2023-40932 Cross-site Scripting vulnerability in Nagios XI
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field.
network
low complexity
nagios CWE-79
5.4
2023-09-19 CVE-2023-40933 SQL Injection vulnerability in Nagios XI
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
network
low complexity
nagios CWE-89
8.8
2023-09-19 CVE-2023-40934 SQL Injection vulnerability in Nagios XI
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
network
low complexity
nagios CWE-89
7.2
2022-06-29 CVE-2022-29269 Cross-site Scripting vulnerability in Nagios XI
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
network
low complexity
nagios CWE-79
6.5
2022-06-29 CVE-2022-29270 Missing Authentication for Critical Function vulnerability in Nagios XI
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
network
low complexity
nagios CWE-306
4.3
2022-06-29 CVE-2022-29271 Incorrect Authorization vulnerability in Nagios XI
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services.
network
low complexity
nagios CWE-863
6.5
2022-06-29 CVE-2022-29272 Open Redirect vulnerability in Nagios XI
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
network
nagios CWE-601
5.8