Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2020-10-20 CVE-2020-5791 OS Command Injection vulnerability in Nagios XI
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
network
low complexity
nagios CWE-78
7.2
7.2
2020-10-20 CVE-2020-5790 Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
network
low complexity
nagios CWE-352
6.5
6.5
2020-09-09 CVE-2020-15903 Unspecified vulnerability in Nagios XI
An issue was found in Nagios XI before 5.7.3.
network
low complexity
nagios
critical
 9.8
9.8
2020-07-30 CVE-2020-16157 Cross-site Scripting vulnerability in Nagios LOG Server
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.
network
low complexity
nagios CWE-79
5.4
5.4
2020-07-22 CVE-2020-15902 Cross-site Scripting vulnerability in Nagios XI
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
network
low complexity
nagios CWE-79
6.1
6.1
2020-07-22 CVE-2020-15901 Unspecified vulnerability in Nagios XI
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
network
low complexity
nagios
8.8
8.8
2020-06-09 CVE-2020-13977 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files.
network
low complexity
nagios fedoraproject CWE-829
4.9
4.9
2020-03-22 CVE-2020-10821 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
network
low complexity
nagios CWE-79
4.8
4.8
2020-03-22 CVE-2020-10820 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
network
low complexity
nagios CWE-79
4.8
4.8
2020-03-22 CVE-2020-10819 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
network
low complexity
nagios CWE-79
4.8
4.8