Nagios

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-54959 1Nagios 1Nagios Xi Jul 1, 2025 Feb 20, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).
CVE-2024-54958 1Nagios 1Nagios Xi Jul 1, 2025 Feb 20, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and exe...Show more Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users accessing the page.Show less
CVE-2024-42898 1Nagios 1Nagios Xi Jun 24, 2025 Jan 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.
CVE-2023-48082 1Nagios 1Nagios Xi Jul 10, 2025 Oct 14, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.
CVE-2024-43199 1Nagios 1Ndoutils Nov 21, 2024 Aug 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user.
CVE-2024-33775 1Nagios 1Nagios Xi Jun 30, 2025 May 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.
CVE-2024-24402 1Nagios 1Nagios Xi Mar 24, 2025 Feb 26, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.
CVE-2024-24401 1Nagios 1Nagios Xi Jun 27, 2025 Feb 26, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
CVE-2023-51072 1Nagios 1Nagios Xi Jun 16, 2025 Feb 2, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload fu...Show more A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators.Show less
CVE-2021-43584 1Nagios 1Nagios Cross Platform Agent Jun 16, 2025 Jan 24, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering fo...Show more DOM-based Cross Site Scripting (XSS vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when filtering for a log.Show less
CVE-2023-48085 1Nagios 1Nagios Xi May 22, 2025 Dec 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
CVE-2023-48084 1Nagios 1Nagios Xi Nov 21, 2024 Dec 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
CVE-2023-40934 1Nagios 1Nagios Xi Nov 21, 2024 Sep 19, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escal...Show more A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.Show less
CVE-2023-40933 1Nagios 1Nagios Xi Nov 21, 2024 Sep 19, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_bann...Show more A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.Show less
CVE-2023-40932 1Nagios 1Nagios Xi Nov 21, 2024 Sep 19, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This...Show more A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.Show less
CVE-2023-40931 1Nagios 1Nagios Xi Nov 21, 2024 Sep 19, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banne...Show more A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.phpShow less
CVE-2020-23992 1Nagios 1Nagios Xi Nov 21, 2024 Aug 22, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.
CVE-2021-4285 1Nagios 1Nagios Cross Platform Agent Nov 21, 2024 Dec 27, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site script...Show more A vulnerability classified as problematic was found in Nagios NCPA. This vulnerability affects unknown code of the file agent/listener/templates/tail.html. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.4.0 is able to address this issue. The name of the patch is 5abbcd7aa26e0fc815e6b2b0ffe1c15ef3e8fab5. It is recommended to upgrade the affected component. VDB-216874 is the identifier assigned to this vulnerability.Show less
CVE-2022-38254 1Nagios 1Nagios Xi Nov 21, 2024 Sep 7, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
CVE-2022-38251 1Nagios 1Nagios Xi Nov 21, 2024 Sep 7, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.

Previous 1...678...16 Next