7 matches found
CVE-2023-7318
Nagios XI
CVE-2023-7318 Nagios XI < 2024R1.0.2 XSS via Core Command Expansion
Nagios XI versions prior to 2024R1.0.2 are vulnerable to cross-site scripting XSS via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2024-58273 Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root
Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...
CVE-2024-58273 Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root
Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...
PT-2025-44556
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.0.2 Description Nagios XI versions prior to 2024R1.0.2 are susceptible to cross-site scripting XSS through the Nagios Core Command Expansion page. The issue stems from inadequate validation or escaping of...
PT-2025-44509
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1.0.2 Description The software contains a local privilege escalation issue. An attacker with the ability to execute commands as the Apache web user or the backend shell user can gain root access on the...
Nagios XI < 2024R1.0.2 Multiple Vulnerabilities
According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: - Nagios XI is vulnerable to a SQL Injection when utilizing the Favorites component. Details forthcoming. CVE-2024-24401 - Nagios XI is vulnerable to a privilege...