163 matches found
CVE-2021-47689
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...
CVE-2021-47693
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...
CVE-2021-47690
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...
CVE-2020-36859
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
CVE-2020-36856
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
CVE-2020-36861
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36859
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
CVE-2020-36861
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2025-34286 Nagios XI < 2026R1 RCE via Run Check Command in CCM
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager CCM Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are...
CVE-2025-34286
Nagios XI
CVE-2021-47689 Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...
CVE-2021-47689 Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...
CVE-2021-47689
The CVE covers Nagios XI with Core Config Manager (CCM) vulnerable prior to CCM 3.1.0 / Nagios XI 5.8.0. Root cause is insufficient validation/escaping in the Templates pages UI logic that renders Active/Actions buttons, enabling cross-site scripting (XSS) via user-supplied input. Reported impact...
CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...
CVE-2021-47691
The Nagios XI Core Config Manager (CCM) is affected by cross-site scripting (XSS) vulnerabilities in CCM prior to 3.1.1 and Nagios XI prior to 5.8.2. The issue arises from insufficient validation/escaping of user-supplied input in the Services page, specifically the config_name and service_descri...
CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...
CVE-2022-50584 Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting XSS vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script ...
CVE-2022-50584 Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting XSS vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script ...