5.1
CVE-2013-10074 - Nagios XI < 2012R2.6 XSS via Tools Menu
Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2011-10040 - Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's bro…
5.1
CVE-2016-15051 - Nagios XI < 5.2.4 XSS via Report startdate/enddate Fields
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a …
5.1
CVE-2011-10038 - Nagios XI < 2011R1.9 XSS via Recurring Downtime Script
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring downtime script of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2021-47695 - Nagios XI < 5.8.0 XSS via My Tools Page
Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2016-15053 - Nagios XI < 5.2.4 XSS via “My Reports” Listing
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2016-15052 - Nagios XI < 5.2.4 XSS via Menu System
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2020-36866 - Nagios XI < 5.7.3 XSS via Manage Users in Admin Interface
Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2023-7316 - Nagios XI < 2024R1 XSS via Graph Explorer
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
5.1
CVE-2023-7315 - Nagios XI < 5.11.3 XSS via Graph Explorer
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.