Vulnerabilities > Nagios > Nagios XI > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-14 | CVE-2018-15712 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | 4.3 |
| 2018-11-14 | CVE-2018-15711 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. | 6.5 |
| 2018-11-14 | CVE-2018-15709 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | 6.5 |
| 2018-05-16 | CVE-2018-10738 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | 6.5 |
| 2018-05-16 | CVE-2018-10737 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | 6.5 |
| 2018-05-16 | CVE-2018-10736 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | 6.5 |
| 2018-05-16 | CVE-2018-10735 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | 6.5 |
| 2018-04-30 | CVE-2018-10553 | Path Traversal vulnerability in Nagios XI 5.4.13 An issue was discovered in Nagios XI 5.4.13. | 4.0 |