Vulnerabilities > Nagios > Nagios XI > 5.6.5

DATE CVE VULNERABILITY TITLE RISK
2020-07-22 CVE-2020-15902 Cross-site Scripting vulnerability in Nagios XI
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
network
low complexity
nagios CWE-79
6.1
6.1
2020-07-22 CVE-2020-15901 Unspecified vulnerability in Nagios XI
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
network
low complexity
nagios
8.8
8.8
2019-09-05 CVE-2019-15949 OS Command Injection vulnerability in Nagios XI
Nagios XI before 5.6.6 allows remote command execution as root.
network
low complexity
nagios CWE-78
critical
 9.0
9.0
2013-11-26 CVE-2013-6875 SQL Injection vulnerability in Nagios XI
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
network
low complexity
nagios CWE-89
7.5
7.5