3 matches found
CVE-2011-10037 Nagios XI < 2011R1.9 XSS via xiwindow Variables Affecting Permalinks
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2020-36866
Nagios XI pre-5.7.3 is affected by a cross-site scripting (XSS) vulnerability on the Manage Users page in the Admin interface due to insufficient input validation/escaping. Impact: attacker can inject and execute script in a victim’s browser. Remediation: upgrade to 5.7.3 or later (sources refer ...
CVE-2021-3273
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system...