16813 matches found
CVE-2016-15053
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2013-10074
Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting XSS via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2011-10037
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CVE-2018-25121 Nagios XI < 5.4.13 XSS via Views Page
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting XSS via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2013-10074 Nagios XI < 2012R2.6 XSS via Tools Menu
Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting XSS via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2013-10074 Nagios XI < 2012R2.6 XSS via Tools Menu
Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting XSS via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2013-10074
Nagios XI ≤ 2012R2.5 is vulnerable to cross-site scripting (XSS) via the Tools Menu in the web interface due to insufficient validation/escaping of user input. The Red Hat advisory and multiple sources confirm the issue affects Nagios XI prior to 2012R2.6, enabling an attacker to inject and execu...
CVE-2011-10038 Nagios XI < 2011R1.9 XSS via Recurring Downtime Script
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the recurring downtime script of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2011-10038
Nagios XI (
CVE-2011-10038 Nagios XI < 2011R1.9 XSS via Recurring Downtime Script
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the recurring downtime script of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15053 Nagios XI < 5.2.4 XSS via “My Reports” Listing
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15053
Nagios XI is affected by an XSS flaw in the web interface’s My Reports listing. Affected product/version: Nagios XI prior to 5.2.4. Root cause: insufficient validation/escaping of user-supplied input enables injecting and executing script in a victim’s browser. Impact: cross-site scripting with t...
CVE-2016-15053 Nagios XI < 5.2.4 XSS via “My Reports” Listing
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15052
Nagios XI is affected: versions prior to 5.2.4 are vulnerable to cross-site scripting via the web interface’s Menu System. The root cause is insufficient validation/escaping of user-supplied input, enabling an attacker to inject and execute arbitrary script in a victim’s browser. The connected Re...
CVE-2016-15052 Nagios XI < 5.2.4 XSS via Menu System
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2011-10039
CVE-2011-10039 affects Nagios XI versions prior to 2011R1.9. The issue is a cross-site scripting (XSS) vulnerability in the web interface, exploitable via the Alert Heatmap report and the “My Reports” listing due to insufficient input validation/escaping. The Red Hat and ENISA records corroborate...
CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...
CVE-2024-13994
Nagios XI versions prior to 2024R1.1.2 implement a missing authorization control when the 'Allow Insecure Logins' option is enabled. This allows a user to create valid login credentials for other users without proper authorization, leading to potential unauthorized account creation and privilege ...
CVE-2024-13994 Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credentials for other users without proper authorization. This can lead to unauthorized account creation,...
CVE-2020-36858 Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...