Vulnerabilities > Nagios > Nagios XI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-15 | CVE-2020-24899 | Command Injection vulnerability in Nagios XI 5.7.2 Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. | 6.5 |
| 2021-02-15 | CVE-2021-25299 | Cross-site Scripting vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). | 4.3 |
| 2020-10-20 | CVE-2020-5792 | Argument Injection or Modification vulnerability in Nagios XI 5.7.3 Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user. | 6.5 |
| 2020-10-20 | CVE-2020-5790 | Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3 Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 4.3 |
| 2020-07-22 | CVE-2020-15902 | Cross-site Scripting vulnerability in Nagios XI Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. | 6.1 |
| 2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | 5.0 |
| 2019-03-28 | CVE-2019-9167 | Cross-site Scripting vulnerability in Nagios XI Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 6.1 |
| 2018-12-17 | CVE-2018-20172 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 4.3 |
| 2018-12-17 | CVE-2018-20171 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 4.3 |
| 2018-11-14 | CVE-2018-15714 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | 4.3 |