Vulnerabilities > Nagios > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-13 | CVE-2021-37352 | Open Redirect vulnerability in Nagios XI An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. | 5.8 |
| 2021-06-07 | CVE-2021-3277 | Unrestricted Upload of File with Dangerous Type vulnerability in Nagios XI Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files. | 6.5 |
| 2021-05-24 | CVE-2020-28903 | Cross-site Scripting vulnerability in Nagios Fusion Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. | 4.3 |
| 2021-05-24 | CVE-2020-28905 | Code Injection vulnerability in Nagios Fusion Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. | 6.5 |
| 2021-05-24 | CVE-2020-28911 | Insecure Storage of Sensitive Information vulnerability in Nagios Fusion Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php. | 4.0 |
| 2021-04-08 | CVE-2021-28924 | Cross-site Scripting vulnerability in Nagios Network Analyzer Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page. | 4.3 |
| 2021-02-15 | CVE-2020-24899 | Command Injection vulnerability in Nagios XI 5.7.2 Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. | 6.5 |
| 2021-02-15 | CVE-2021-25299 | Cross-site Scripting vulnerability in Nagios XI 5.7.5 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). | 4.3 |
| 2021-02-03 | CVE-2021-26024 | Unspecified vulnerability in Nagios Favorites The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | 5.0 |
| 2021-02-03 | CVE-2021-26023 | Cross-site Scripting vulnerability in Nagios Favorites The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | 4.3 |