Nagios XI Cross-Site Scripting Vulnerability (CNVD-2019-10019)

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. A cross-site scripting vulnerability exists in Nagios XI versions prior to 5.5.11. An attacker can exploit this vulnerability to injec...

CVE-2019-9167

Cross-site scripting XSS vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter...

CVE-2019-9167

Cross-site scripting XSS vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter...

CVE-2019-9167

Cross-site scripting XSS vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter...

PT-2019-19408 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.5.11 Description: A cross-site scripting XSS issue allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. This could potentially lead to unauthorized actions on the affected system...

CVE-2018-10553

An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings...