Nagios: >> Nagios Xi Security Vulnerabilities
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
CVSS Score
6.1
EPSS Score
0.033
Published
2022-09-07
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
CVSS Score
6.1
EPSS Score
0.033
Published
2022-09-07
Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
CVSS Score
9.8
EPSS Score
0.03
Published
2022-09-07
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.
CVSS Score
4.8
EPSS Score
0.028
Published
2022-09-07
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
CVSS Score
6.1
EPSS Score
0.033
Published
2022-09-07
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
CVSS Score
6.5
EPSS Score
0.035
Published
2022-06-29
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-06-29
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-06-29
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVSS Score
6.1
EPSS Score
0.178
Published
2022-06-29
An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
CVSS Score
7.8
EPSS Score
0.005
Published
2021-10-26