Vulnerabilities > Nagios > Nagios XI

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-09-07 | CVE-2022-38249 | Cross-site Scripting vulnerability in Nagios XI 5.8.6 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. | network | low complexity | nagios | CWE-79 | 6.1 |
| 2022-09-07 | CVE-2022-38250 | SQL Injection vulnerability in Nagios XI 5.8.6 | Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. | network | low complexity | nagios | CWE-89 | 9.8 (critical) |
| 2022-09-07 | CVE-2022-38251 | Cross-site Scripting vulnerability in Nagios XI 5.8.6 | Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. | network | low complexity | nagios | CWE-79 | 4.8 |
| 2022-09-07 | CVE-2022-38254 | Cross-site Scripting vulnerability in Nagios XI | Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. | network | low complexity | nagios | CWE-79 | 6.1 |
| 2022-06-29 | CVE-2022-29269 | Cross-site Scripting vulnerability in Nagios XI | In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | network | low complexity | nagios | CWE-79 | 6.5 |
| 2022-06-29 | CVE-2022-29270 | Missing Authentication for Critical Function vulnerability in Nagios XI | In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | network | low complexity | nagios | CWE-306 | 4.3 |
| 2022-06-29 | CVE-2022-29271 | Incorrect Authorization vulnerability in Nagios XI | In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. | network | low complexity | nagios | CWE-863 | 6.5 |
| 2022-06-29 | CVE-2022-29272 | Open Redirect vulnerability in Nagios XI | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | network | low complexity | nagios | CWE-601 | 6.1 |
| 2021-10-26 | CVE-2021-40343 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI 5.8.5 | An issue was discovered in Nagios XI 5.8.5. | local | low complexity | nagios | CWE-732 | 7.8 |
| 2021-10-26 | CVE-2021-40344 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI 5.8.5 | An issue was discovered in Nagios XI 5.8.5. | network | low complexity | nagios | CWE-434 | 7.2 |