5.1
CVE-2020-36861 - Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period…
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker …
5.1
CVE-2021-47690 - Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Overlay Modals
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the con…
5.1
CVE-2020-36860 - Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS) vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in …
5.1
CVE-2021-47692 - Nagios XI < 5.8.4 Core Config Manager (CCM) XSS via Lock Page Functionality
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.2 / Nagios XI 5.8.4 contains a cross-site scripting (XSS) vulnerability via the lock page functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th…
5.1
CVE-2022-50585 - Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script i…
8.7
CVE-2020-36859 - Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to …
8.7
CVE-2021-47693 - Nagios XI < 5.8.5 Core Config Manager (CCM) SQL Injection via Improper Escaping in Search Text
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject…
5.1
CVE-2021-47694 - Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting (XSS) vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary…
8.7
CVE-2013-10073 - Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary com…
7.2
CVE-2013-10072 - Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization
Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discovery…