Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2020-25385 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
network
low complexity
nagios CWE-79
6.1
6.1
2021-01-13 CVE-2020-35578 OS Command Injection vulnerability in Nagios XI
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0.
network
low complexity
nagios CWE-78
7.2
7.2
2020-12-23 CVE-2020-35269 Cross-Site Request Forgery (CSRF) vulnerability in Nagios Core 4.2.4
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
network
low complexity
nagios CWE-352
8.8
8.8
2020-11-16 CVE-2020-27991 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-27990 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-27989 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-27988 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-28648 Improper Input Validation vulnerability in Nagios XI
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
network
low complexity
nagios CWE-20
8.8
8.8
2020-11-13 CVE-2020-5796 Improper Preservation of Permissions vulnerability in Nagios XI 5.7.4
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
local
low complexity
nagios CWE-281
7.8
7.8
2020-10-20 CVE-2020-5792 Argument Injection or Modification vulnerability in Nagios XI 5.7.3
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
network
low complexity
nagios CWE-88
7.2
7.2