Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-02	CVE-2023-51072	Cross-site Scripting vulnerability in Nagios XI A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. network low complexity nagios CWE-79	5.4
2024-01-24	CVE-2021-43584	Cross-site Scripting vulnerability in Nagios Cross Platform Agent DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log. network low complexity nagios CWE-79	4.8
2023-09-19	CVE-2023-40931	SQL Injection vulnerability in Nagios XI A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php network low complexity nagios CWE-89	6.5
2023-09-19	CVE-2023-40932	Cross-site Scripting vulnerability in Nagios XI A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. network low complexity nagios CWE-79	5.4
2023-08-22	CVE-2020-23992	Cross-site Scripting vulnerability in Nagios XI 5.7.1 Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. network low complexity nagios CWE-79	6.1
2022-12-27	CVE-2021-4285	Cross-site Scripting vulnerability in Nagios Cross Platform Agent A vulnerability classified as problematic was found in Nagios NCPA. network low complexity nagios CWE-79	6.1
2022-09-07	CVE-2022-38247	Cross-site Scripting vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel. network low complexity nagios CWE-79	4.8
2022-09-07	CVE-2022-38248	Cross-site Scripting vulnerability in Nagios XI Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php. network low complexity nagios CWE-79	6.1
2022-09-07	CVE-2022-38249	Cross-site Scripting vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4. network low complexity nagios CWE-79	6.1
2022-09-07	CVE-2022-38251	Cross-site Scripting vulnerability in Nagios XI 5.8.6 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel. network low complexity nagios CWE-79	4.8