Vulnerabilities > Nagios > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-27990 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-27989 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
network
low complexity
nagios CWE-79
5.4
5.4
2020-11-16 CVE-2020-27988 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
network
low complexity
nagios CWE-79
5.4
5.4
2020-10-20 CVE-2020-5790 Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.7.3
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
network
low complexity
nagios CWE-352
6.5
6.5
2020-07-30 CVE-2020-16157 Cross-site Scripting vulnerability in Nagios LOG Server
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.
network
low complexity
nagios CWE-79
5.4
5.4
2020-07-22 CVE-2020-15902 Cross-site Scripting vulnerability in Nagios XI
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
network
low complexity
nagios CWE-79
6.1
6.1
2020-06-09 CVE-2020-13977 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files.
network
low complexity
nagios fedoraproject CWE-829
4.9
4.9
2020-03-22 CVE-2020-10821 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
network
low complexity
nagios CWE-79
4.8
4.8
2020-03-22 CVE-2020-10820 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
network
low complexity
nagios CWE-79
4.8
4.8
2020-03-22 CVE-2020-10819 Cross-site Scripting vulnerability in Nagios XI 5.6.11
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
network
low complexity
nagios CWE-79
4.8
4.8