Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios xi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38251
Nagios XI v5.8.6 exists to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.
Nagios Nagios Xi 5.8.6
383
VMScore
CVE-2021-25299
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to st...
Nagios Nagios Xi 5.7.5
1 Github repository
383
VMScore
CVE-2020-5790
Cross-site request forgery in Nagios XI 5.7.3 allows a remote malicious user to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Nagios Nagios Xi 5.7.3
578
VMScore
CVE-2020-5792
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
Nagios Nagios Xi 5.7.3
578
VMScore
CVE-2021-40344
An issue exists in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command e...
Nagios Nagios Xi 5.8.5
312
VMScore
CVE-2019-20139
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.
Nagios Nagios Xi 5.6.9
668
VMScore
CVE-2021-37344
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
Nagios Nagios Xi Switch Wizard
668
VMScore
CVE-2021-37346
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
Nagios Nagios Xi Watchguard Wizard
668
VMScore
CVE-2021-37353
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
Nagios Nagios Xi Docker Wizard
668
VMScore
CVE-2019-9204
SQL injection vulnerability in Nagios IM (component of Nagios XI) prior to 2.2.7 allows malicious users to execute arbitrary SQL commands.
Nagios Incident Manager
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »