Vulnerabilities > Nagios > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2020-6586 Cross-site Scripting vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page.
network
low complexity
nagios CWE-79
5.4
5.4
2020-03-16 CVE-2020-6584 Improper Privilege Management vulnerability in Nagios 2.1.3
Nagios Log Server 2.1.3 has Incorrect Access Control.
network
low complexity
nagios CWE-269
6.5
6.5
2019-12-30 CVE-2019-20139 Cross-site Scripting vulnerability in Nagios XI 5.6.9
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter.
network
low complexity
nagios CWE-79
5.4
5.4
2019-09-03 CVE-2019-15898 Cross-site Scripting vulnerability in Nagios LOG Server
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
network
low complexity
nagios CWE-79
6.1
6.1
2019-07-10 CVE-2018-17147 Cross-site Scripting vulnerability in Nagios XI
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
network
low complexity
nagios CWE-79
4.8
4.8
2019-06-19 CVE-2018-17146 Cross-site Scripting vulnerability in Nagios XI
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page.
network
low complexity
nagios CWE-79
5.4
5.4
2019-03-28 CVE-2019-9167 Cross-site Scripting vulnerability in Nagios XI
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
network
low complexity
nagios CWE-79
6.1
6.1
2018-12-17 CVE-2018-20172 Cross-site Scripting vulnerability in Nagios XI
An issue was discovered in Nagios XI before 5.5.8.
network
low complexity
nagios CWE-79
6.1
6.1
2018-12-17 CVE-2018-20171 Cross-site Scripting vulnerability in Nagios XI
An issue was discovered in Nagios XI before 5.5.8.
network
low complexity
nagios CWE-79
6.1
6.1
2018-12-17 CVE-2018-18245 Cross-site Scripting vulnerability in multiple products
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
network
low complexity
nagios debian CWE-79
5.4
5.4