Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios xi vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-33177
The Bulk Modifications functionality in Nagios XI versions before 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.
Nagios Nagios Xi
5.4
CVSSv3
CVE-2020-27989
Nagios XI prior to 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
Nagios Nagios Xi
5.4
CVSSv3
CVE-2020-27990
Nagios XI prior to 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
Nagios Nagios Xi
5.4
CVSSv3
CVE-2020-27991
Nagios XI prior to 5.7.5 is vulnerable to XSS in Account Information (Email field).
Nagios Nagios Xi
8.8
CVSSv3
CVE-2019-15949
Nagios XI prior to 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is exec...
Nagios Nagios Xi
1 EDB exploit
4 Github repositories
6.5
CVSSv3
CVE-2021-37223
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, th...
Nagios Nagios Xi
5.4
CVSSv3
CVE-2018-17146
A cross-site scripting vulnerability exists in Nagios XI prior to 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an malicious user to execute arbitrary JavaScript code within the auto login admin management ...
Nagios Nagios Xi
4.8
CVSSv3
CVE-2018-17147
Nagios XI prior to 5.5.4 has XSS in the auto login admin management page.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2018-17148
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI prior to 5.5.4 allows remote malicious users to gain access to configuration files containing confidential credentials.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2023-48084
Nagios XI before version 5.11.3 exists to contain a SQL injection vulnerability via the bulk modification tool.
Nagios Nagios Xi
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »