Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20171 | 1 Nagios | 1 Nagios Xi | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability. | |||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | |||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | |||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | |||||
| CVE-2018-10737 | 1 Nagios | 1 Nagios Xi | 2018-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | |||||
| CVE-2018-10735 | 1 Nagios | 1 Nagios Xi | 2018-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | |||||
| CVE-2018-10736 | 1 Nagios | 1 Nagios Xi | 2018-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | |||||
| CVE-2018-10738 | 1 Nagios | 1 Nagios Xi | 2018-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | |||||
| CVE-2018-10553 | 1 Nagios | 1 Nagios Xi | 2018-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | |||||
| CVE-2013-6875 | 1 Nagios | 1 Nagios Xi | 2013-11-27 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. | |||||