Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios xi vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-15713
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
Nagios Nagios Xi 5.5.6
5.4
CVSSv3
CVE-2019-20139
In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or frequency parameter. Any authenticated user can attack the admin user.
Nagios Nagios Xi 5.6.9
6.5
CVSSv3
CVE-2018-10553
An issue exists in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.
Nagios Nagios Xi 5.4.13
9.8
CVSSv3
CVE-2018-15708
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated malicious users to execute arbitrary commands via a crafted HTTP request.
Nagios Nagios Xi 5.5.6
2 EDB exploits
2 Metasploit modules
1 Github repository
7.8
CVSSv3
CVE-2018-15710
Nagios XI 5.5.6 allows local authenticated malicious users to escalate privileges to root via Autodiscover_new.php.
Nagios Nagios Xi 5.5.6
2 EDB exploits
2 Metasploit modules
6.1
CVSSv3
CVE-2018-15712
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
Nagios Nagios Xi 5.5.6
9.8
CVSSv3
CVE-2021-37344
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
Nagios Nagios Xi Switch Wizard
9.8
CVSSv3
CVE-2021-37346
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
Nagios Nagios Xi Watchguard Wizard
9.8
CVSSv3
CVE-2021-37353
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
Nagios Nagios Xi Docker Wizard
8.8
CVSSv3
CVE-2019-9202
Nagios IM (component of Nagios XI) prior to 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
Nagios Incident Manager
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »