Vulnerabilities > Nagios > Nagios XI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-22 | CVE-2020-15902 | Cross-site Scripting vulnerability in Nagios XI Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. | 6.1 |
| 2020-07-22 | CVE-2020-15901 | Unspecified vulnerability in Nagios XI In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | 8.8 |
| 2020-03-22 | CVE-2020-10821 | Cross-site Scripting vulnerability in Nagios XI 5.6.11 Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | 4.8 |
| 2020-03-22 | CVE-2020-10820 | Cross-site Scripting vulnerability in Nagios XI 5.6.11 Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | 4.8 |
| 2020-03-22 | CVE-2020-10819 | Cross-site Scripting vulnerability in Nagios XI 5.6.11 Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | 4.8 |
| 2019-12-31 | CVE-2019-20197 | OS Command Injection vulnerability in Nagios XI 5.6.9 In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | 8.8 |
| 2019-12-30 | CVE-2019-20139 | Cross-site Scripting vulnerability in Nagios XI 5.6.9 In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. | 5.4 |
| 2019-09-05 | CVE-2019-15949 | OS Command Injection vulnerability in Nagios XI Nagios XI before 5.6.6 allows remote command execution as root. | 8.8 |
| 2019-07-10 | CVE-2018-17147 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.5.4 has XSS in the auto login admin management page. | 4.8 |
| 2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | 9.8 |