CVE-2023-7323
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
PT-2025-44494
Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1
Description: Nagios Log Server versions prior to 2024R1 have an incorrect authorization issue. Users without the necessary API permissions could access API endpoints, leading to unauthorized data acces...
PT-2025-44555
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 2024R1
Description: The software is susceptible to cross-site scripting (XSS) through the Graph Explorer component. Insufficient validation or escaping of user-supplied input could allow an attacker to inject and execu...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI 2024R1 and prior versions, which stems from the presence of a...
Vulnerabilities fixed in Nagios XI
Nagios has fixed vulnerabilities in Nagios XI. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: cross-site scripting (XSS); manipulation of data; circumvention of security measures; remote code execution...