Nagios Xi@* Security Vulnerabilities and Issues — Nagios Xi@* CVE List

Lucene search

NagiosNagios Xi*

6 matches found

CVE•added 2022/06/29 1:15 a.m.•65 views

CVE-2022-29270

In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.

4.3CVSS4.8AI score0.00543EPSS

CVE•added 2022/06/29 1:15 a.m.•63 views

CVE-2022-29269

In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.

6.5CVSS6.3AI score0.04936EPSS

CVE•added 2022/06/29 1:15 a.m.•61 views

CVE-2022-29272

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

6.1CVSS6.1AI score0.04126EPSS

CVE•added 2022/06/29 1:15 a.m.•55 views

CVE-2022-29271

In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.

6.5CVSS6.4AI score0.00543EPSS

CVE•added 2022/09/07 10:15 p.m.•50 views

CVE-2022-38248

Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.

6.1CVSS6.1AI score0.04814EPSS

CVE•added 2022/09/07 10:15 p.m.•41 views

CVE-2022-38254

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

6.1CVSS6AI score0.04814EPSS