Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2019-12-30 CVE-2019-20139 Cross-site Scripting vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter.
network
nagios CWE-79
3.5
2019-09-05 CVE-2019-15949 OS Command Injection vulnerability in Nagios XI
Nagios XI before 5.6.6 allows remote command execution as root.
network
low complexity
nagios CWE-78
critical
9.0
2019-09-03 CVE-2019-15898 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
network
nagios CWE-79
4.3
2019-07-10 CVE-2018-17147 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
network
nagios CWE-79
3.5
2019-06-19 CVE-2018-17148 Improper Access Control vulnerability in Nagios XI
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.
network
low complexity
nagios CWE-284
5.0
2019-06-19 CVE-2018-17146 Cross-site Scripting vulnerability in Nagios XI
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page.
network
nagios CWE-79
3.5
2019-05-22 CVE-2019-12279 SQL Injection vulnerability in Nagios XI 5.6.1
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form).
network
low complexity
nagios CWE-89
critical
9.8
2019-03-28 CVE-2019-9167 Cross-site Scripting vulnerability in Nagios XI
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
network
low complexity
nagios CWE-79
6.1
2019-03-28 CVE-2019-9166 Incorrect Permission Assignment for Critical Resource vulnerability in Nagios XI
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
local
low complexity
nagios CWE-732
7.8
2019-03-28 CVE-2019-9204 SQL Injection vulnerability in Nagios Incident Manager 2.0.0/2.0.1
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
network
low complexity
nagios CWE-89
critical
9.8