Search
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2023-08-25 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | |||||
| CVE-2022-29269 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. | |||||
| CVE-2022-29271 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. | |||||
| CVE-2022-29270 | 1 Nagios | 1 Nagios Xi | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | |||||
| CVE-2022-29272 | 1 Nagios | 1 Nagios Xi | 2022-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | |||||
| CVE-2021-33179 | 1 Nagios | 1 Nagios Xi | 2021-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload. | |||||
| CVE-2021-37223 | 1 Nagios | 1 Nagios Xi | 2021-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. | |||||
| CVE-2021-38156 | 1 Nagios | 1 Nagios Xi | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. | |||||
| CVE-2021-37352 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. | |||||
| CVE-2021-37351 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | |||||
| CVE-2021-25299 | 1 Nagios | 1 Nagios Xi | 2021-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. | |||||
| CVE-2021-26024 | 1 Nagios | 2 Favorites, Nagios Xi | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. | |||||
| CVE-2021-26023 | 1 Nagios | 2 Favorites, Nagios Xi | 2021-02-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | |||||
| CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2020-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | |||||
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2020-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | |||||
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2020-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | |||||
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2020-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | |||||
| CVE-2020-15902 | 1 Nagios | 1 Nagios Xi | 2020-11-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. | |||||
| CVE-2020-5790 | 1 Nagios | 1 Nagios Xi | 2020-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||
| CVE-2020-10821 | 1 Nagios | 1 Nagios Xi | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | |||||
| CVE-2020-10820 | 1 Nagios | 1 Nagios Xi | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | |||||
| CVE-2020-10819 | 1 Nagios | 1 Nagios Xi | 2020-03-23 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | |||||
| CVE-2019-20139 | 1 Nagios | 1 Nagios Xi | 2020-01-03 | 3.5 LOW | 5.4 MEDIUM |
| In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. | |||||
| CVE-2018-17147 | 1 Nagios | 1 Nagios Xi | 2019-07-11 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI before 5.5.4 has XSS in the auto login admin management page. | |||||
| CVE-2018-17146 | 1 Nagios | 1 Nagios Xi | 2019-06-23 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page. | |||||
| CVE-2019-9167 | 1 Nagios | 1 Nagios Xi | 2019-04-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | |||||
| CVE-2018-20172 | 1 Nagios | 1 Nagios Xi | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability. | |||||
| CVE-2018-20171 | 1 Nagios | 1 Nagios Xi | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability. | |||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | |||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | |||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | |||||
| CVE-2018-10553 | 1 Nagios | 1 Nagios Xi | 2018-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | |||||