Note: This project will be discontinued after December 13, 2021.
Product: Nagios_xi (Nagios)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 103 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-03-28 | CVE-2019-9166 | Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | Nagios_xi | 7.8 | ||
2019-03-28 | CVE-2019-9167 | Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | Nagios_xi | 6.1 | ||
2018-04-30 | CVE-2018-10554 | An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | Nagios_xi | 5.4 | ||
2020-03-22 | CVE-2020-10821 | Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. | Nagios_xi | N/A | ||
2020-03-22 | CVE-2020-10820 | Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter. | Nagios_xi | N/A | ||
2020-03-22 | CVE-2020-10819 | Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter. | Nagios_xi | N/A | ||
2019-12-31 | CVE-2019-20197 | In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | Nagios_xi | N/A | ||
2019-12-30 | CVE-2019-20139 | In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user. | Nagios_xi | N/A | ||
2019-07-10 | CVE-2018-17147 | Nagios XI before 5.5.4 has XSS in the auto login admin management page. | Nagios_xi | 4.8 | ||
2018-11-14 | CVE-2018-15710 | Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | Nagios_xi | 7.8 |