Vulnerabilities > Nagios > Nagios XI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2018-17146 | Cross-site Scripting vulnerability in Nagios XI A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. | 5.4 |
| 2019-05-22 | CVE-2019-12279 | SQL Injection vulnerability in Nagios XI 5.6.1 Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). | 9.8 |
| 2019-03-28 | CVE-2019-9167 | Cross-site Scripting vulnerability in Nagios XI Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 6.1 |
| 2019-03-28 | CVE-2019-9166 | Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | 7.8 |
| 2019-03-28 | CVE-2019-9165 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 9.8 |
| 2019-03-28 | CVE-2019-9164 | Cross-site Scripting vulnerability in Nagios XI Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | 8.8 |
| 2018-12-17 | CVE-2018-20172 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 6.1 |
| 2018-12-17 | CVE-2018-20171 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 6.1 |
| 2018-11-14 | CVE-2018-15714 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | 6.1 |
| 2018-11-14 | CVE-2018-15713 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | 5.4 |