163 matches found
CVE-2021-47693 Nagios XI < 5.8.5 Core Config Manager (CCM) SQL Injection via Improper Escaping in Search Text
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...
CVE-2021-47694 Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting XSS vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...
CVE-2021-47694 Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting XSS vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...
CVE-2021-47694
Nagios XI CCM (Core Config Manager) prior to CCM 3.1.4 / XI 5.8.6 is affected by a reflected XSS via the Test Command feature. The vulnerability stems from insufficient validation/escaping of user input, allowing an attacker to inject and execute arbitrary script in a victim’s browser. Affected c...
CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...
PT-2025-44476
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.2 Nagios XI versions prior to 5.8.4 Description The Core Config Manager CCM in Nagios XI is susceptible to a cross-site scripting XSS issue through the lock page functionality. A lack of proper input...
PT-2025-44462
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.6.14 Description Nagios XI versions prior to 5.6.14 have an authenticated remote command execution issue in the command test.php script within the Core Config Manager CCM. A lack of proper validation of the addres...
PT-2025-44465
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI has multiple SQL injection flaws present in the object edit pages. The application incorporates unsanitized...
PT-2025-44467
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.5 Core Config Manager CCM versions prior to 3.0.8 Description The Core Config Manager CCM in Nagios XI has multiple cross-site scripting XSS issues in the overlay UI elements and the Notification/Check Period...
PT-2025-44475
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.8.2 Core Config Manager CCM versions prior to 3.1.1 Description The Core Config Manager CCM in Nagios XI is susceptible to cross-site scripting XSS issues through the Services page. The config name and service...
PT-2025-44473
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.0 Nagios XI versions prior to 5.8.0 Description The Core Config Manager CCM in Nagios XI contains a cross-site scripting XSS issue in the Templates pages. The problem is related to the UI logic that renders...
PT-2025-44481
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.6 Nagios XI versions prior to 5.8.8 Description The Core Config Manager CCM in Nagios XI is susceptible to a cross-site scripting XSS issue through the search and deletion interfaces. Insufficient validation...
PT-2025-44478
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.4 Nagios XI versions prior to 5.8.6 Description The Core Config Manager CCM in Nagios XI is subject to a reflected cross-site scripting XSS issue through the Test Command functionality. A lack of proper inpu...
PT-2025-44474
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.1 Nagios XI versions prior to 5.8.2 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues within Overlay modals. A lack of proper input validation or...
PT-2025-44466
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues present in the object edit pages. Insufficient validation o...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2026R1, which stems from insufficient validatio...
PT-2025-44482
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.7 Nagios XI versions prior to 5.8.9 Description The Core Config Manager CCM in Nagios XI is susceptible to a cross-site scripting XSS issue through the Audit Log page search input. A lack of proper input...
PT-2025-44477
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.3 Nagios XI versions prior to 5.8.5 Description The Core Config Manager CCM contains a SQL injection issue in how search text is handled. User-supplied input is not properly sanitized before being used in SQ...
EUVD-2021-18467
Malware in sbrugna...