5.1
CVE-2024-14000 - Nagios XI < 2024R1.1.3 XSS via Capacity Planning Report
Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2023-7313 - Nagios XI < 5.11.3 XSS via Bulk Modifications
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2020-36865 - Nagios XI < 5.7.2 XSS via BPI Config Management
Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s Config Management and Edit Config page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t…
5.1
CVE-2021-47696 - Nagios XI < 5.8.0 XSS via BPI Config ID Handling
Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via BPI config ID handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2023-7314 - Nagios XI < 5.11.3 XSS via Bandwidth Report
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bandwidth Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2011-10036 - Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScript link. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2011-10039 - Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of…
5.1
CVE-2021-47699 - Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form
Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2023-53688 - Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the contex…
9.4
CVE-2023-7317 - Nagios XI < 2024R1 Web SSH Terminal Missing Access Control
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of s…