Shodan
Vulnerabilities
Vulnerable Software
Nagios:  Security Vulnerabilities
CVE-2021-25299
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.
CVSS Score
6.1
EPSS Score
0.799
Published
2021-02-15
CVE-2021-26024
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.
CVSS Score
5.3
EPSS Score
0.011
Published
2021-02-03
CVE-2021-26023
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.
CVSS Score
6.1
EPSS Score
0.648
Published
2021-02-03
CVE-2021-3193
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
CVSS Score
9.8
EPSS Score
0.226
Published
2021-01-26
CVE-2020-25385
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
CVSS Score
6.1
EPSS Score
0.372
Published
2021-01-20
CVE-2020-35578
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.
CVSS Score
7.2
EPSS Score
0.904
Published
2021-01-13
CVE-2020-35269
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.
CVSS Score
8.8
EPSS Score
0.038
Published
2020-12-23
CVE-2020-27990
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
CVSS Score
5.4
EPSS Score
0.177
Published
2020-11-16
CVE-2020-27991
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
CVSS Score
5.4
EPSS Score
0.177
Published
2020-11-16
CVE-2020-27988
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
CVSS Score
5.4
EPSS Score
0.566
Published
2020-11-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved