Lucene search

6 matches found

CVE | added 2023/12/14 7:15 a.m. | 228 views

CVE-2023-48085

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.

CVSS 9.8 | AI score 9.8 | EPSS 0.71871

CVE | added 2023/09/19 11:15 p.m. | 86 views

CVE-2023-40931

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php.

CVSS 6.5 | AI score 7 | EPSS 0.88021

CVE | added 2023/12/14 7:15 a.m. | 81 views

CVE-2023-48084

Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.

CVSS 9.8 | AI score 9.7 | EPSS 0.86816

CVE | added 2023/09/19 11:15 p.m. | 68 views

CVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.

CVSS 8.8 | AI score 8.9 | EPSS 0.18513

CVE | added 2023/09/19 11:15 p.m. | 49 views

CVE-2023-40932

A cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary JavaScript or HTML via the alt-text field. This affects all pages containing the navbar, including the login page, which means t...

CVSS 5.4 | AI score 5.2 | EPSS 0.01959

CVE | added 2023/09/19 11:15 p.m. | 41 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.

CVSS 7.2 | AI score 7.5 | EPSS 0.01173