Nagios Xi@* Security Vulnerabilities and Issues — Nagios Xi@* CVE List

Lucene search

NagiosNagios Xi*

9 matches found

CVE•added 2020/10/20 10:15 p.m.•146 views

CVE-2020-5791

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

9CVSS7AI score0.91261EPSS

CVE•added 2020/11/16 3:15 a.m.•79 views

CVE-2020-28648

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

9CVSS8.6AI score0.13906EPSS

CVE•added 2020/07/22 10:15 p.m.•59 views

CVE-2020-15901

In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.

8.8CVSS9AI score0.06486EPSS

CVE•added 2020/07/22 10:15 p.m.•57 views

CVE-2020-15902

Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.

6.1CVSS5.9AI score0.42821EPSS

CVE•added 2020/11/16 5:15 p.m.•37 views

CVE-2020-27989

Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).

5.4CVSS5.2AI score0.17744EPSS

CVE•added 2020/11/16 5:15 p.m.•36 views

CVE-2020-27988

Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).

5.4CVSS5.2AI score0.56618EPSS

CVE•added 2020/09/09 9:15 p.m.•35 views

CVE-2020-15903

An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.

10CVSS9.5AI score0.0553EPSS

CVE•added 2020/11/16 5:15 p.m.•33 views

CVE-2020-27991

Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).

5.4CVSS5.2AI score0.17744EPSS

CVE•added 2020/11/16 5:15 p.m.•32 views

CVE-2020-27990

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).

5.4CVSS5.2AI score0.17744EPSS