Vulnerabilities > Nagios > Nagios XI > 5.6.9

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-27989 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
network
low complexity
nagios CWE-79
5.4
2020-11-16 CVE-2020-27988 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
network
low complexity
nagios CWE-79
5.4
2020-11-16 CVE-2020-28648 Improper Input Validation vulnerability in Nagios XI
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
network
low complexity
nagios CWE-20
8.8
2020-10-20 CVE-2020-5791 OS Command Injection vulnerability in Nagios XI
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
network
low complexity
nagios CWE-78
7.2
2020-09-09 CVE-2020-15903 Unspecified vulnerability in Nagios XI
An issue was found in Nagios XI before 5.7.3.
network
low complexity
nagios
critical
9.8
2020-07-22 CVE-2020-15902 Cross-site Scripting vulnerability in Nagios XI
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
network
low complexity
nagios CWE-79
6.1
2020-07-22 CVE-2020-15901 Unspecified vulnerability in Nagios XI
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
network
low complexity
nagios
8.8
2019-12-31 CVE-2019-20197 OS Command Injection vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
network
low complexity
nagios CWE-78
8.8
2019-12-30 CVE-2019-20139 Cross-site Scripting vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter.
network
low complexity
nagios CWE-79
5.4