Filtered by vendor Nagios
Subscriptions
Filtered by product Nagios Xi
Subscriptions
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23992 | 1 Nagios | 1 Nagios Xi | 2024-10-03 | 6.1 Medium |
| Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | ||||
| CVE-2023-40931 | 1 Nagios | 1 Nagios Xi | 2024-09-25 | 6.5 Medium |
| A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php | ||||
| CVE-2023-40934 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 7.2 High |
| A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. | ||||
| CVE-2023-40932 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials. | ||||
| CVE-2023-40933 | 1 Nagios | 1 Nagios Xi | 2024-09-24 | 8.8 High |
| A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. | ||||
| CVE-2018-15709 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | ||||
| CVE-2018-15708 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2018-15711 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges. | ||||
| CVE-2018-15710 | 1 Nagios | 1 Nagios Xi | 2024-09-17 | N/A |
| Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | ||||
| CVE-2013-6875 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
| SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | ||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | ||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2024-09-16 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | ||||
| CVE-2023-48084 | 1 Nagios | 1 Nagios Xi | 2024-08-28 | 9.8 Critical |
| Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. | ||||
| CVE-2018-20171 | 1 Nagios | 1 Nagios Xi | 2024-08-05 | N/A |
| An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability. | ||||
| CVE-2018-20172 | 1 Nagios | 1 Nagios Xi | 2024-08-05 | N/A |
| An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability. | ||||
| CVE-2018-17147 | 1 Nagios | 1 Nagios Xi | 2024-08-05 | N/A |
| Nagios XI before 5.5.4 has XSS in the auto login admin management page. | ||||
| CVE-2018-17148 | 1 Nagios | 1 Nagios Xi | 2024-08-05 | N/A |
| An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | ||||
| CVE-2018-17146 | 1 Nagios | 1 Nagios Xi | 2024-08-05 | N/A |
| A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page. | ||||
| CVE-2018-10737 | 1 Nagios | 1 Nagios Xi | 2024-08-05 | N/A |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | ||||