Vulnerabilities > Nagios > Nagios XI > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-29 | CVE-2022-29270 | Missing Authentication for Critical Function vulnerability in Nagios XI In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | 4.3 |
2022-06-29 | CVE-2022-29271 | Incorrect Authorization vulnerability in Nagios XI In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. | 6.5 |
2022-06-29 | CVE-2022-29272 | Open Redirect vulnerability in Nagios XI In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | 6.1 |
2021-10-14 | CVE-2021-33179 | Cross-site Scripting vulnerability in Nagios XI The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. | 6.1 |
2021-10-05 | CVE-2021-37223 | Server-Side Request Forgery (SSRF) vulnerability in Nagios XI Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. | 6.5 |
2021-09-15 | CVE-2021-38156 | Cross-site Scripting vulnerability in Nagios XI In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. | 5.4 |
2021-08-13 | CVE-2021-37351 | Incorrect Default Permissions vulnerability in Nagios XI Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | 5.3 |
2021-08-13 | CVE-2021-37352 | Open Redirect vulnerability in Nagios XI An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. | 6.1 |
2021-02-15 | CVE-2021-25299 | Cross-site Scripting vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). | 6.1 |
2020-11-16 | CVE-2020-27991 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | 5.4 |