Vulnerabilities > Nagios > Nagios XI

DATE CVE VULNERABILITY TITLE RISK
2020-09-09 CVE-2020-15903 Unspecified vulnerability in Nagios XI
An issue was found in Nagios XI before 5.7.3.
network
low complexity
nagios
critical
 9.8
9.8
2020-07-22 CVE-2020-15902 Cross-site Scripting vulnerability in Nagios XI
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
network
low complexity
nagios CWE-79
6.1
6.1
2020-07-22 CVE-2020-15901 Unspecified vulnerability in Nagios XI
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
network
low complexity
nagios
8.8
8.8
2020-03-22 CVE-2020-10821 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
network
low complexity
nagios CWE-79
4.8
4.8
2020-03-22 CVE-2020-10820 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
network
low complexity
nagios CWE-79
4.8
4.8
2020-03-22 CVE-2020-10819 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
network
low complexity
nagios CWE-79
4.8
4.8
2019-12-31 CVE-2019-20197 OS Command Injection vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
network
low complexity
nagios CWE-78
8.8
8.8
2019-12-30 CVE-2019-20139 Cross-site Scripting vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter.
network
low complexity
nagios CWE-79
5.4
5.4
2019-09-05 CVE-2019-15949 OS Command Injection vulnerability in Nagios XI
Nagios XI before 5.6.6 allows remote command execution as root.
network
low complexity
nagios CWE-78
8.8
8.8
2019-07-10 CVE-2018-17147 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
network
low complexity
nagios CWE-79
4.8
4.8