Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-17146
A cross-site scripting vulnerability exists in Nagios XI prior to 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an malicious user to execute arbitrary JavaScript code within the auto login admin management ...
Nagios Nagios Xi
5
CVSSv2
CVE-2018-17148
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI prior to 5.5.4 allows remote malicious users to gain access to configuration files containing confidential credentials.
Nagios Nagios Xi
3.5
CVSSv2
CVE-2020-27989
Nagios XI prior to 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
Nagios Nagios Xi
3.5
CVSSv2
CVE-2020-27991
Nagios XI prior to 5.7.5 is vulnerable to XSS in Account Information (Email field).
Nagios Nagios Xi
4
CVSSv2
CVE-2021-37223
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, th...
Nagios Nagios Xi
4
CVSSv2
CVE-2022-29269
In Nagios XI up to and including 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
Nagios Nagios Xi
4
CVSSv2
CVE-2022-29270
In Nagios XI up to and including 5.8.5, it is possible for a user without password verification to change his e-mail address.
Nagios Nagios Xi
4
CVSSv2
CVE-2022-29271
In Nagios XI up to and including 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an malicious user to permanently disable all monitoring checks.
Nagios Nagios Xi
5.8
CVSSv2
CVE-2022-29272
In Nagios XI up to and including 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
Nagios Nagios Xi
NA
CVE-2022-38248
Nagios XI before v5.8.7 exists to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
Nagios Nagios Xi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »