Vulnerabilities > Nagios > Nagios XI > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2018-17146 Cross-site Scripting vulnerability in Nagios XI
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page.
network
low complexity
nagios CWE-79
5.4
2019-03-28 CVE-2019-9167 Cross-site Scripting vulnerability in Nagios XI
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
network
low complexity
nagios CWE-79
6.1
2018-12-17 CVE-2018-20172 Cross-site Scripting vulnerability in Nagios XI
An issue was discovered in Nagios XI before 5.5.8.
network
low complexity
nagios CWE-79
6.1
2018-12-17 CVE-2018-20171 Cross-site Scripting vulnerability in Nagios XI
An issue was discovered in Nagios XI before 5.5.8.
network
low complexity
nagios CWE-79
6.1
2018-11-14 CVE-2018-15714 Cross-site Scripting vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
network
low complexity
nagios CWE-79
6.1
2018-11-14 CVE-2018-15713 Cross-site Scripting vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
network
low complexity
nagios CWE-79
5.4
2018-11-14 CVE-2018-15712 Cross-site Scripting vulnerability in Nagios XI 5.5.6
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
network
low complexity
nagios CWE-79
6.1
2018-04-30 CVE-2018-10554 Cross-site Scripting vulnerability in Nagios XI 5.4.13
An issue was discovered in Nagios XI 5.4.13.
network
low complexity
nagios CWE-79
5.4
2018-04-30 CVE-2018-10553 Path Traversal vulnerability in Nagios XI 5.4.13
An issue was discovered in Nagios XI 5.4.13.
network
low complexity
nagios CWE-22
6.5