Vulnerabilities > Nagios > Nagios XI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-16 | CVE-2020-27990 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | 5.4 |
| 2020-11-16 | CVE-2020-27989 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | 5.4 |
| 2020-11-16 | CVE-2020-27988 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | 5.4 |
| 2020-10-20 | CVE-2020-5790 | Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3 Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 6.5 |
| 2020-07-22 | CVE-2020-15902 | Cross-site Scripting vulnerability in Nagios XI Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. | 6.1 |
| 2020-03-22 | CVE-2020-10821 | Cross-site Scripting vulnerability in Nagios XI 5.6.11 Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | 4.8 |
| 2020-03-22 | CVE-2020-10820 | Cross-site Scripting vulnerability in Nagios XI 5.6.11 Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | 4.8 |
| 2020-03-22 | CVE-2020-10819 | Cross-site Scripting vulnerability in Nagios XI 5.6.11 Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | 4.8 |
| 2019-12-30 | CVE-2019-20139 | Cross-site Scripting vulnerability in Nagios XI 5.6.9 In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. | 5.4 |
| 2019-07-10 | CVE-2018-17147 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.5.4 has XSS in the auto login admin management page. | 4.8 |