Nagios Xi Security Vulnerabilities and Issues — Nagios Xi CVE List

Lucene search

NagiosNagios Xi

13 matches found

CVE•added 2019/06/19 6:15 p.m.•68 views

CVE-2018-17146

A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.

5.4CVSS5.4AI score0.06357EPSS

CVE•added 2021/08/13 12:15 p.m.•56 views

CVE-2021-37351

Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.

5.3CVSS6.3AI score0.00583EPSS

CVE•added 2023/09/19 11:15 p.m.•49 views

CVE-2023-40932

A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means t...

5.4CVSS5.2AI score0.01959EPSS

CVE•added 2021/09/15 2:15 p.m.•48 views

CVE-2021-38156

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.

5.4CVSS5.1AI score0.86031EPSS

CVE•added 2025/01/09 8:15 p.m.•48 views

CVE-2024-42898

A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.

5.4CVSS5.9AI score0.00602EPSS

CVE•added 2018/11/14 6:29 p.m.•43 views

CVE-2018-15713

Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

5.4CVSS5.9AI score0.03705EPSS

CVE•added 2018/04/30 3:29 a.m.•41 views

CVE-2018-10554

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelp...

5.4CVSS5.5AI score0.02176EPSS

CVE•added 2020/11/16 5:15 p.m.•37 views

CVE-2020-27989

Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).

5.4CVSS5.2AI score0.17744EPSS

CVE•added 2020/11/16 5:15 p.m.•36 views

CVE-2020-27988

Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).

5.4CVSS5.2AI score0.56618EPSS

CVE•added 2019/12/30 3:15 p.m.•33 views

CVE-2019-20139

In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.

5.4CVSS5.1AI score0.08324EPSS

CVE•added 2020/11/16 5:15 p.m.•33 views

CVE-2020-27991

Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).

5.4CVSS5.2AI score0.17744EPSS

CVE•added 2024/02/02 10:15 a.m.•33 views

CVE-2023-51072

A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated us...

5.4CVSS5.2AI score0.01765EPSS

CVE•added 2020/11/16 5:15 p.m.•32 views

CVE-2020-27990

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).

5.4CVSS5.2AI score0.17744EPSS