Vulnerabilities > Nagios > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2021-35478 | Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. | 5.4 |
| 2021-07-30 | CVE-2021-35479 | Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. | 5.4 |
| 2021-05-24 | CVE-2020-28903 | Cross-site Scripting vulnerability in Nagios Fusion Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. | 6.1 |
| 2021-05-24 | CVE-2020-28911 | Insecure Storage of Sensitive Information vulnerability in Nagios Fusion Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | 6.5 |
| 2021-04-08 | CVE-2021-28924 | Cross-site Scripting vulnerability in Nagios Network Analyzer Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. | 6.1 |
| 2021-02-15 | CVE-2021-25299 | Cross-site Scripting vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). | 6.1 |
| 2021-02-03 | CVE-2021-26024 | Authorization Bypass Through User-Controlled Key vulnerability in Nagios Favorites The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | 5.3 |
| 2021-02-03 | CVE-2021-26023 | Cross-site Scripting vulnerability in Nagios Favorites The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | 6.1 |
| 2021-01-20 | CVE-2020-25385 | Cross-site Scripting vulnerability in Nagios LOG Server Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page. | 6.1 |
| 2020-11-16 | CVE-2020-27991 | Cross-site Scripting vulnerability in Nagios XI Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | 5.4 |