6 matches found
CVE-2024-13998
CVE-2024-13998 affects Nagios XI prior to 2024R1.1.3. The vulnerability leads to authenticated users improperly gaining access to sensitive data (API keys and password hashes) that should be restricted, potentially enabling account compromise or API privilege abuse. The underlying issue is disclo...
PT-2025-44800
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1.3 Description Nagios XI versions prior to 2024R1.1.3 have a flaw that allows an authenticated administrator to gain root privileges on the host system. This is achieved by exploiting the Migrate Server...
PT-2025-44801
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information including API keys and hashed passwords to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse ...
CVE-2024-14001
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting XSS via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2024-14001
Nagios XI prior to 2024R1.1.3 is vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. The root cause is insufficient validation or escaping of user-supplied input in that component, allowing an attacker to inject and execute arbitrary script in a victim’s browser. ...
CVE-2024-13996 Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change
Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a result, any pre-existing sessions including those potentially controlled by an attacker remained valid after a credential update. This insufficient session...