Vulnerabilities > Nagios
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-9165 | SQL Injection vulnerability in Nagios XI SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | 9.8 |
| 2019-03-28 | CVE-2019-9164 | Cross-site Scripting vulnerability in Nagios XI Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | 8.8 |
| 2018-12-17 | CVE-2018-20172 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 6.1 |
| 2018-12-17 | CVE-2018-20171 | Cross-site Scripting vulnerability in Nagios XI An issue was discovered in Nagios XI before 5.5.8. | 6.1 |
| 2018-12-17 | CVE-2018-18245 | Cross-site Scripting vulnerability in multiple products Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. | 5.4 |
| 2018-11-14 | CVE-2018-15714 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | 6.1 |
| 2018-11-14 | CVE-2018-15713 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | 5.4 |
| 2018-11-14 | CVE-2018-15712 | Cross-site Scripting vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | 6.1 |
| 2018-11-14 | CVE-2018-15711 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. | 8.8 |
| 2018-11-14 | CVE-2018-15710 | OS Command Injection vulnerability in Nagios XI 5.5.6 Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | 7.8 |