Vulnerabilities > Nagios > Nagios XI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2018-17146 | Cross-site Scripting vulnerability in Nagios XI A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. | 5.4 |
| 2019-03-28 | CVE-2019-9167 | Cross-site Scripting vulnerability in Nagios XI Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 6.1 |
| 2018-12-17 | CVE-2018-20172 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 6.1 |
| 2018-12-17 | CVE-2018-20171 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 6.1 |
| 2018-11-14 | CVE-2018-15714 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | 6.1 |
| 2018-11-14 | CVE-2018-15713 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | 5.4 |
| 2018-11-14 | CVE-2018-15712 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | 6.1 |
| 2018-04-30 | CVE-2018-10554 | Cross-site Scripting vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 5.4 |
| 2018-04-30 | CVE-2018-10553 | Path Traversal vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 6.5 |