Nagios Xi

nagios_xi

Vendor: Nagios • 192 CVEs

CVEs (192)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-25299 1Nagios 1Nagios Xi Nov 21, 2024 Feb 15, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously c...Show more Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.Show less
CVE-2021-25298 1Nagios 1Nagios Xi Nov 3, 2025 Feb 15, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated...Show more Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Show less
CVE-2021-25297 1Nagios 1Nagios Xi Nov 3, 2025 Feb 15, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated use...Show more Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Show less
CVE-2021-25296 1Nagios 1Nagios Xi Nov 3, 2025 Feb 15, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authentic...Show more Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.Show less
CVE-2021-3193 1Nagios 1Nagios Xi Nov 21, 2024 Jan 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
CVE-2020-35578 1Nagios 1Nagios Xi Nov 21, 2024 Jan 13, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-syst...Show more An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.Show less
CVE-2020-27991 1Nagios 1Nagios Xi Nov 21, 2024 Nov 16, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
CVE-2020-27990 1Nagios 1Nagios Xi Nov 21, 2024 Nov 16, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
CVE-2020-27989 1Nagios 1Nagios Xi Nov 21, 2024 Nov 16, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
CVE-2020-27988 1Nagios 1Nagios Xi Nov 21, 2024 Nov 16, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
CVE-2020-28648 1Nagios 1Nagios Xi Nov 21, 2024 Nov 16, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
CVE-2020-5796 1Nagios 1Nagios Xi Nov 21, 2024 Nov 13, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrar...Show more Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.Show less
CVE-2020-5792 1Nagios 1Nagios Xi Nov 21, 2024 Oct 20, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
CVE-2020-5791 1Nagios 1Nagios Xi Nov 21, 2024 Oct 20, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5790 1Nagios 1Nagios Xi Nov 21, 2024 Oct 20, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-15903 1Nagios 1Nagios Xi Nov 21, 2024 Sep 9, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7....Show more An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.Show less
CVE-2020-15902 1Nagios 1Nagios Xi Nov 21, 2024 Jul 22, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
CVE-2020-15901 1Nagios 1Nagios Xi Nov 21, 2024 Jul 22, 2020 N/A· v4 8.8 HIGH· v3 7.5 HIGH· v2 In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
CVE-2020-10821 1Nagios 1Nagios Xi Nov 21, 2024 Mar 22, 2020 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
CVE-2020-10820 1Nagios 1Nagios Xi Nov 21, 2024 Mar 22, 2020 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.

Previous 1...6 789 10 Next