15 matches found

CVE
added 2020/10/20 10:15 p.m. | 146 views

CVE-2020-5791

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

CVSS: 9 | AI score: 7 | EPSS: 0.91261

CVE
added 2020/11/16 3:15 a.m. | 79 views

CVE-2020-28648

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

CVSS: 9 | AI score: 8.6 | EPSS: 0.13906

CVE
added 2020/10/20 10:15 p.m. | 68 views

CVE-2020-5792

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.8701

CVE
added 2020/03/22 8:15 p.m. | 66 views

CVE-2020-10821

Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.24173

CVE
added 2020/07/22 10:15 p.m. | 59 views

CVE-2020-15901

In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.

CVSS: 8.8 | AI score: 9 | EPSS: 0.06486

CVE
added 2020/03/22 8:15 p.m. | 57 views

CVE-2020-10820

Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.

CVSS: 4.8 | AI score: 5.2 | EPSS: 0.04489

CVE
added 2020/07/22 10:15 p.m. | 57 views

CVE-2020-15902

Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.42821

CVE
added 2020/03/22 8:15 p.m. | 56 views

CVE-2020-10819

Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.

CVSS: 4.8 | AI score: 4.9 | EPSS: 0.24173

CVE
added 2020/10/20 10:15 p.m. | 56 views

CVE-2020-5790

Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.04873

CVE
added 2020/11/13 8:15 p.m. | 51 views

CVE-2020-5796

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00111

CVE
added 2020/11/16 5:15 p.m. | 37 views

CVE-2020-27989

Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.17744

CVE
added 2020/11/16 5:15 p.m. | 36 views

CVE-2020-27988

Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.56618

CVE
added 2020/09/09 9:15 p.m. | 35 views

CVE-2020-15903

An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.

CVSS: 10 | AI score: 9.5 | EPSS: 0.0553

CVE
added 2020/11/16 5:15 p.m. | 33 views

CVE-2020-27991

Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.17744

CVE
added 2020/11/16 5:15 p.m. | 32 views

CVE-2020-27990

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.17744