Vulnerabilities > Nagios > Nagios XI > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-14 CVE-2018-15712 Cross-site Scripting vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
network
nagios CWE-79
4.3
2018-11-14 CVE-2018-15711 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users.
network
low complexity
nagios CWE-78
6.5
2018-11-14 CVE-2018-15709 OS Command Injection vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
network
low complexity
nagios CWE-78
6.5
2018-05-16 CVE-2018-10738 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
network
low complexity
nagios CWE-89
6.5
2018-05-16 CVE-2018-10737 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
network
low complexity
nagios CWE-89
6.5
2018-05-16 CVE-2018-10736 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
network
low complexity
nagios CWE-89
6.5
2018-05-16 CVE-2018-10735 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
network
low complexity
nagios CWE-89
6.5
2018-04-30 CVE-2018-10553 Path Traversal vulnerability in Nagios XI 5.4.13
An issue was discovered in Nagios XI 5.4.13.
network
low complexity
nagios CWE-22
4.0