Vulnerabilities > Nagios
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-27 | CVE-2021-4285 | Unspecified vulnerability in Nagios Cross Platform Agent A vulnerability classified as problematic was found in Nagios NCPA. | 6.1 |
| 2022-09-07 | CVE-2022-38247 | Cross-site Scripting vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. | 4.8 |
| 2022-09-07 | CVE-2022-38248 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. | 6.1 |
| 2022-09-07 | CVE-2022-38249 | Cross-site Scripting vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. | 6.1 |
| 2022-09-07 | CVE-2022-38250 | SQL Injection vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page. | 9.8 |
| 2022-09-07 | CVE-2022-38251 | Cross-site Scripting vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. | 4.8 |
| 2022-09-07 | CVE-2022-38254 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5. | 6.1 |
| 2022-06-29 | CVE-2022-29269 | Cross-site Scripting vulnerability in Nagios XI In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | 6.5 |
| 2022-06-29 | CVE-2022-29270 | Missing Authentication for Critical Function vulnerability in Nagios XI In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | 4.3 |
| 2022-06-29 | CVE-2022-29271 | Incorrect Authorization vulnerability in Nagios XI In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. | 6.5 |