
8 matches found

RedhatCVE
added 2025/10/31 10:7 p.m., 3 views

CVE-2024-13993

Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00632
Exploits: 0, References: 1
EUVD
added 2025/10/31 12:30 a.m., 3 views

EUVD-2024-55057

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS: 8.7, AI score: 6.3, EPSS: 0.00749
Exploits: 0, References: 4
NVD
added 2025/10/30 10:15 p.m., 2 views

CVE-2024-13995

Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account...

CVSS: 8.8, EPSS: 0.01062
Exploits: 0, References: 3
Cvelist
added 2025/10/30 9:43 p.m., 5 views

CVE-2024-13993 Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers

Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...

CVSS: 5.1, EPSS: 0.00632
Exploits: 0, References: 3
Vulnrichment
added 2025/10/30 9:43 p.m., 2 views

CVE-2024-13993 Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers

Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...

CVSS: 5.1, AI score: 5.5, EPSS: 0.00632
Exploits: 0, References: 3
Vulnrichment
added 2025/10/30 9:29 p.m., 2 views

CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization

Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...

CVSS: 8.7, AI score: 6.4, EPSS: 0.00749
Exploits: 0, References: 3
Positive Technologies
added 2025/10/30 12:0 a.m., 4 views

PT-2025-44497

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.1.2

Description: Nagios XI versions prior to 2024R1.1.2 have a flaw where authorization checks are absent when the 'Allow Insecure Logins' option is active. This allows any user to generate valid login...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00749
Exploits: 0, References: 6
Positive Technologies
added 2025/10/30 12:0 a.m., 2 views

PT-2025-44496

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1.1.2

Description: The software is susceptible to a reflected cross-site scripting (XSS) issue via the login page when accessed using older web browsers. Insufficient validation or escaping of user-supplied input...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00632
Exploits: 0, References: 6