Vulnerabilities > Nagios > Nagios XI > 5.7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2020-28906 | Incorrect Default Permissions vulnerability in Nagios Fusion and Nagios XI Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. | 8.8 |
| 2021-05-24 | CVE-2020-28910 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | 9.8 |
| 2021-02-15 | CVE-2021-25299 | Cross-site Scripting vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). | 6.1 |
| 2021-02-15 | CVE-2021-25298 | Unspecified vulnerability in Nagios XI Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25297 | Unspecified vulnerability in Nagios XI Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-02-15 | CVE-2021-25296 | Unspecified vulnerability in Nagios XI Nagios XI version xi-5.7.5 is affected by OS command injection. | 8.8 |
| 2021-01-13 | CVE-2020-35578 | OS Command Injection vulnerability in Nagios XI An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. | 7.2 |
| 2020-11-16 | CVE-2020-27991 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | 5.4 |
| 2020-11-16 | CVE-2020-27990 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | 5.4 |
| 2020-11-16 | CVE-2020-27989 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | 5.4 |