5.1
CVE-2011-10037 - Nagios XI < 2011R1.9 XSS via xiwindow Variables Affecting Permalinks
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the cont…
5.1
CVE-2021-47697 - Nagios XI < 5.8.0 XSS via Views URL Handling
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2018-25121 - Nagios XI < 5.4.13 XSS via Views Page
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2013-10074 - Nagios XI < 2012R2.6 XSS via Tools Menu
Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2011-10040 - Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's bro…
5.1
CVE-2016-15051 - Nagios XI < 5.2.4 XSS via Report startdate/enddate Fields
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a …
5.1
CVE-2011-10038 - Nagios XI < 2011R1.9 XSS via Recurring Downtime Script
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring downtime script of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2021-47695 - Nagios XI < 5.8.0 XSS via My Tools Page
Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2016-15053 - Nagios XI < 5.2.4 XSS via “My Reports” Listing
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2016-15052 - Nagios XI < 5.2.4 XSS via Menu System
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.