9.4
CVE-2024-14005 - Nagios XI < 2024R1.2 Command Injection via Docker Wizard
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful e…
8.7
CVE-2020-36867 - Nagios XI < 5.7.3 Command Injection in Report PDF Download
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped, allowin…
5.1
CVE-2021-47689 - Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contains a cross-site scripting (XSS) vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied …
5.1
CVE-2021-47691 - Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities via the Services page affecting the config_name and service_description fields. Insufficient validation or escaping of user-supplied input may allow …
5.1
CVE-2022-50584 - Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary scrip…
5.1
CVE-2020-36861 - Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period…
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker …
5.1
CVE-2021-47690 - Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Overlay Modals
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the con…
5.1
CVE-2020-36860 - Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS) vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in …
5.1
CVE-2021-47692 - Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th…
5.1
CVE-2022-50585 - Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script i…