Nagios: >> Nagios Xi >> 5.7.4 Security Vulnerabilities
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
CVSS Score
5.4
EPSS Score
0.177
Published
2020-11-16
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
CVSS Score
8.8
EPSS Score
0.139
Published
2020-11-16
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-13
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
CVSS Score
7.5
EPSS Score
0.197
Published
2013-11-26
Page 5