Vulnerabilities > Nagios > Nagios XI > 5.5.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2021-33177 | SQL Injection vulnerability in Nagios XI The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. | 6.5 |
| 2021-10-14 | CVE-2021-33179 | Cross-site Scripting vulnerability in Nagios XI The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. | 4.3 |
| 2021-10-05 | CVE-2021-37223 | Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. | 4.0 |
| 2021-09-28 | CVE-2021-36363 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | 7.5 |
| 2021-09-28 | CVE-2021-36364 | Unspecified vulnerability in Nagios XI Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. | 7.5 |
| 2021-09-28 | CVE-2021-36365 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | 7.5 |
| 2021-09-28 | CVE-2021-36366 | Unspecified vulnerability in Nagios XI Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards. | 7.5 |
| 2021-09-15 | CVE-2021-38156 | Cross-site Scripting vulnerability in Nagios XI In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. | 3.5 |
| 2021-08-13 | CVE-2021-37343 | Path Traversal vulnerability in Nagios XI A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | 6.5 |
| 2021-08-13 | CVE-2021-37345 | Improper Privilege Management vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | 4.6 |