22 matches found
CVE-2023-7316
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2025-34278
Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page percentile calculator menu. An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a...
CVE-2023-7317
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of...
CVE-2023-7323
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7316
CVE-2023-7316 concerns Nagios XI prior to 2024R1. The vulnerability is an XSS flaw in the Graph Explorer component caused by insufficient validation or escaping of user-supplied input, enabling an attacker to inject and execute arbitrary script in a victim’s browser. Affected software: Nagios XI ...
CVE-2023-7316 Nagios XI < 2024R1 XSS via Graph Explorer
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2025-34278
CVE-2025-34278 affects Nagios Network Analyzer (versions prior to 2024R1). The issue is a stored XSS in the Source Groups page (percentile calculator menu) where an attacker-supplied payload is stored and later rendered in other users’ browsers, executing in the victim’s context. The redhat/europ...
CVE-2025-34278 Nagios Network Analyzer < 2024R1 Source Groups / Percentile Calculator Menu Stored XSS
Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page percentile calculator menu. An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a...
CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2024-58272
...
PT-2025-44492
Name of the Vulnerable Software and Affected Versions: Nagios Network Analyzer versions prior to 2024R1. Description: Nagios Network Analyzer is susceptible to a cross-site scripting (XSS) issue through the Percentile Calculator menu. This occurs due to inadequate validation or escaping of user-provid...
PT-2025-44494
Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1. Description: Nagios Log Server versions prior to 2024R1 have an incorrect authorization issue. Users without the necessary API permissions could access API endpoints, leading to unauthorized data acces...
PT-2025-44519
Name of the Vulnerable Software and Affected Versions: Nagios Network Analyzer versions prior to 2024R1. Description: The software contains a stored cross-site scripting (XSS) issue within the Source Groups page, specifically in the percentile calculator menu. An attacker can inject a malicious payloa...
PT-2025-44508
Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1. Description: The software contains a stored cross-site scripting (XSS) issue. An attacker can inject JavaScript code through a manipulated username that is stored and then displayed on admin or user-faci...
PT-2025-44555
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1. Description: The software is susceptible to cross-site scripting (XSS) through the Graph Explorer component. Insufficient validation or escaping of user-supplied input could allow an attacker to inject and execu...
PT-2025-44491
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1. Description: Nagios XI versions prior to 2024R1 have a missing access control issue through the Web SSH Terminal. A remote attacker with low privileges could access or interact with the terminal interface...
Nagios Network Analyzer Security Vulnerability
Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in versions prior to Nagios Network Analyzer 2024R1, which stems from a Source Groups page stored cross-site scripting vulnerability that could lead to...
Nagios XI < 2024R1 API Key Security
According to the self-reported version of Nagios XI, the remote host is affected by a vulnerability related to the generation of API keys. Nagios XI before 5.11.3 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same se...
CVE-2023-48082
Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI 2024R1 and prior versions, which stems from the presence of a...