Every CVE whose affected-product data names Nagios Nagios Xi, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (192)
CVE-2021-37350 — CVSS 9.8 (critical): Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
CVE-2024-13994 — CVSS 9.8 (critical): Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under…
CVE-2018-17148 — CVSS 9.8 (critical): An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page)…
CVE-2023-48085 — CVSS 9.8 (critical): Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.
CVE-2024-33775 — CVSS 9.8 (critical): An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet.
CVE-2012-10063 — CVSS 9.8 (critical): Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface…
CVE-2018-8733 — CVSS 9.8 (critical): Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated…
CVE-2018-8734 — CVSS 9.8 (critical): SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute…
CVE-2024-24402 — CVSS 9.8 (critical): An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd…
CVE-2018-15708 — CVSS 9.8 (critical): Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2019-12279 — CVSS 9.8 (critical): Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor…
CVE-2024-24401 — CVSS 9.8 (critical): SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the…
CVE-2023-48084 — CVSS 9.8 (critical): Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
CVE-2019-9165 — CVSS 9.8 (critical): SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys…
CVE-2020-28910 — CVSS 9.8 (critical): Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of…
CVE-2021-3193 — CVSS 9.8 (critical): Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an…
CVE-2024-14003 — CVSS 9.8 (critical): Nagios XI versions prior to 2024R1.2 are vulnerable to remote code execution (RCE) through its NRDP (Nagios Remote Data Processor) server…
CVE-2022-38250 — CVSS 9.8 (critical): Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerability via the mib_name parameter at the Manage MIBs page.
CVE-2020-28900 — CVSS 9.8 (critical): Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of…
CVE-2024-13999 — CVSS 9.8 (critical): Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication…
CVE-2024-13996 — CVSS 9.8 (critical): Nagios XI versions prior to 2024R1.1.3 did not invalidate all other active sessions for a user when that user's password was changed. As a…
CVE-2020-15903 — CVSS 9.8 (critical): An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some…
CVE-2023-48082 — CVSS 9.1 (critical): Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly…
CVE-2020-15901 — CVSS 8.8 (high): In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
CVE-2021-47693 — CVSS 8.8 (high): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the…
CVE-2024-13995 — CVSS 8.8 (high): Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including…
CVE-2025-34284 — CVSS 8.8 (high): Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied…
CVE-2021-33177 — CVSS 8.8 (high): The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the…
CVE-2013-10073 — CVSS 8.8 (high): Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is…
CVE-2025-34227 — CVSS 8.8 (high): Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL…
CVE-2016-15050 — CVSS 8.8 (high): Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search…
CVE-2024-14005 — CVSS 8.8 (high): Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of…
CVE-2024-14004 — CVSS 8.8 (high): Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf)…
CVE-2025-67255 — CVSS 8.8 (high): In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL…
CVE-2018-15709 — CVSS 8.8 (high): Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-15711 — CVSS 8.8 (high): Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then…
CVE-2020-36867 — CVSS 8.8 (high): Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied…
CVE-2024-13986 — CVSS 8.8 (high): Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal…
CVE-2023-7317 — CVSS 8.8 (high): Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged…
CVE-2018-25122 — CVSS 8.8 (high): Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import…
CVE-2018-8735 — CVSS 8.8 (high): Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary…
CVE-2018-8736 — CVSS 8.8 (high): A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability…
CVE-2019-20197 — CVSS 8.8 (high): In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to…
CVE-2019-9164 — CVSS 8.8 (high): Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
CVE-2023-40933 — CVSS 8.8 (high): A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration…
CVE-2020-24899 — CVSS 8.8 (high): Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into…
CVE-2020-28648 — CVSS 8.8 (high): Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
CVE-2020-28906 — CVSS 8.8 (high): Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root…
CVE-2020-36856 — CVSS 8.8 (high): Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script…
CVE-2020-36859 — CVSS 8.8 (high): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in…
CVE-2021-37343 — CVSS 8.8 (high): A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE…
CVE-2020-36863 — CVSS 8.8 (high): Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload…
CVE-2020-5796 — CVSS 7.8 (high): Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of…
CVE-2018-15710 — CVSS 7.8 (high): Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVE-2019-9166 — CVSS 7.8 (high): Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and…
CVE-2018-25123 — CVSS 7.8 (high): Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related…
CVE-2020-36868 — CVSS 7.8 (high): Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed…
CVE-2025-34287 — CVSS 7.8 (high): Nagios XI versions prior to 2024R2 contain an improperly owned script, process_perfdata.pl, which is executed periodically as the nagios…
CVE-2021-37349 — CVSS 7.8 (high): Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the…
CVE-2021-37347 — CVSS 7.8 (high): Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it…
CVE-2021-47700 — CVSS 7.8 (high): Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the…
CVE-2021-40343 — CVSS 7.8 (high): An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate…
CVE-2021-37345 — CVSS 7.8 (high): Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for…
CVE-2013-6875 — CVSS 7.5 (high): SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers…
CVE-2025-67254 — CVSS 7.5 (high): NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
CVE-2021-37348 — CVSS 7.5 (high): Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
CVE-2024-14008 — CVSS 7.2 (high): Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient…
CVE-2018-10735 — CVSS 7.2 (high): A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
CVE-2018-10736 — CVSS 7.2 (high): A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
CVE-2018-10737 — CVSS 7.2 (high): A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
CVE-2018-10738 — CVSS 7.2 (high): A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
CVE-2020-22427 — CVSS 7.2 (high): NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional…
CVE-2020-35578 — CVSS 7.2 (high): An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled…
CVE-2020-36857 — CVSS 7.2 (high): Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation…
CVE-2020-36869 — CVSS 7.2 (high): Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an…
CVE-2020-5791 — CVSS 7.2 (high): Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute…
CVE-2020-5792 — CVSS 7.2 (high): Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to…
CVE-2021-3273 — CVSS 7.2 (high): Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability…
CVE-2021-3277 — CVSS 7.2 (high): Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in…
CVE-2021-40344 — CVSS 7.2 (high): An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with…
CVE-2021-40345 — CVSS 7.2 (high): An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A…
CVE-2023-40934 — CVSS 7.2 (high): A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in…
CVE-2024-13997 — CVSS 7.2 (high): Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage…
CVE-2024-14009 — CVSS 7.2 (high): Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile…
CVE-2025-34134 — CVSS 7.2 (high): Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component…
CVE-2025-34286 — CVSS 7.2 (high): Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check command…
CVE-2011-10035 — CVSS 7.0 (high): Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab…
CVE-2025-34288 — CVSS 6.7 (medium): Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and…
CVE-2022-29271 — CVSS 6.5 (medium): In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any…
CVE-2022-29269 — CVSS 6.5 (medium): In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the…
CVE-2020-5790 — CVSS 6.5 (medium): Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate…
CVE-2013-10072 — CVSS 6.5 (medium): Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could…
CVE-2021-37223 — CVSS 6.5 (medium): Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated…
CVE-2024-13998 — CVSS 6.5 (medium): Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and…
CVE-2018-10553 — CVSS 6.5 (medium): An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by…
CVE-2023-40931 — CVSS 6.5 (medium): A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute…
CVE-2025-34283 — CVSS 6.5 (medium): Nagios XI versions prior to 2024R1.4.2 revealed API keys to users who were not authorized for API access when using Neptune themes. An…
CVE-2024-54960 — CVSS 6.5 (medium): A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the…
CVE-2024-54961 — CVSS 6.5 (medium): Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying…
CVE-2019-9167 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the…
CVE-2018-15714 — CVSS 6.1 (medium): Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
CVE-2024-54957 — CVSS 6.1 (medium): Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This…
CVE-2021-47694 — CVSS 6.1 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting (XSS)…
CVE-2013-10071 — CVSS 6.1 (medium): Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load…
CVE-2025-56432 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary…
CVE-2022-38254 — CVSS 6.1 (medium): Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
CVE-2018-15712 — CVSS 6.1 (medium): Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
CVE-2021-37352 — CVSS 6.1 (medium): An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an…
CVE-2024-54958 — CVSS 6.1 (medium): Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to…
CVE-2024-14006 — CVSS 6.1 (medium): Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host…
CVE-2022-29272 — CVSS 6.1 (medium): In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVE-2024-54959 — CVSS 6.1 (medium): Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based…
CVE-2020-36862 — CVSS 6.1 (medium): Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests…
CVE-2021-33179 — CVSS 6.1 (medium): The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An…
CVE-2022-38248 — CVSS 6.1 (medium): Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
CVE-2022-38249 — CVSS 6.1 (medium): Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
CVE-2018-20172 — CVSS 6.1 (medium): An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not…
CVE-2021-25299 — CVSS 6.1 (medium): Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/ss…
CVE-2018-20171 — CVSS 6.1 (medium): An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered…
CVE-2020-23992 — CVSS 6.1 (medium): Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET…
CVE-2024-13993 — CVSS 6.1 (medium): Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with…
CVE-2024-14002 — CVSS 5.5 (medium): Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user…
CVE-2024-14001 — CVSS 5.4 (medium): Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component…
CVE-2018-10554 — CVSS 5.4 (medium): An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute…
CVE-2011-10038 — CVSS 5.4 (medium): Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring downtime script of the web interface…
CVE-2016-15053 — CVSS 5.4 (medium): Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface…
CVE-2016-15052 — CVSS 5.4 (medium): Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient…
CVE-2016-15051 — CVSS 5.4 (medium): Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate…
CVE-2024-42898 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2011-10037 — CVSS 5.4 (medium): Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build…
CVE-2013-10074 — CVSS 5.4 (medium): Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient…
CVE-2020-36861 — CVSS 5.4 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS)…
CVE-2020-36860 — CVSS 5.4 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS)…
CVE-2021-38156 — CVSS 5.4 (medium): In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
CVE-2021-47689 — CVSS 5.4 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting (XSS) vulnerability…
CVE-2021-47690 — CVSS 5.4 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS)…
CVE-2021-47691 — CVSS 5.4 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS)…
CVE-2021-47695 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient validation or…
CVE-2021-47696 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via BPI config ID handling. Insufficient validation or…
CVE-2021-47697 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient validation…
CVE-2021-47698 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL…
CVE-2021-47699 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient…
CVE-2022-50584 — CVSS 5.4 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS)…
CVE-2022-50585 — CVSS 5.4 (medium): The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS)…
CVE-2022-50586 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the BPI component via the info URL field. Insufficient…
CVE-2022-50587 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) via the Apply Configuration error text. Insufficient…
CVE-2022-50588 — CVSS 5.4 (medium): Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the update checking feature. Insufficient validation or…
CVE-2023-40932 — CVSS 5.4 (medium): A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom…
CVE-2011-10040 — CVSS 5.4 (medium): Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report…
CVE-2019-20139 — CVSS 5.4 (medium): In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgroup, or servicegroup parameter, or the schedulereport.php hour or…
CVE-2018-25121 — CVSS 5.4 (medium): Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient…
CVE-2023-51072 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows…
CVE-2023-53688 — CVSS 5.4 (medium): Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap…
CVE-2023-7313 — CVSS 5.4 (medium): Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bulk Modifications tool. Insufficient validation or…
CVE-2023-7314 — CVSS 5.4 (medium): Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Bandwidth Report component. Insufficient validation…
CVE-2023-7315 — CVSS 5.4 (medium): Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation…
CVE-2023-7316 — CVSS 5.4 (medium): Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation…
CVE-2023-7318 — CVSS 5.4 (medium): Nagios XI versions prior to < 2024R1.0.2 are vulnerable to cross-site scripting (XSS) via the Nagios Core Command Expansion page…
CVE-2024-13992 — CVSS 5.4 (medium): Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user visits the "missing page" (404) page after…
CVE-2018-17146 — CVSS 5.4 (medium): A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page…
CVE-2011-10039 — CVSS 5.4 (medium): Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports”…
CVE-2018-15713 — CVSS 5.4 (medium): Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2024-14000 — CVSS 5.4 (medium): Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component…
CVE-2011-10036 — CVSS 5.4 (medium): Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScript link…
CVE-2020-36866 — CVSS 5.4 (medium): Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface…
CVE-2020-36865 — CVSS 5.4 (medium): Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Business Process Intelligence) component’s…
CVE-2020-36864 — CVSS 5.4 (medium): Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the background color settings in Dashboards…
CVE-2021-37351 — CVSS 5.3 (medium): Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a…
CVE-2022-38247 — CVSS 4.8 (medium): Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.
CVE-2022-38251 — CVSS 4.8 (medium): Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the…
CVE-2025-34135 — CVSS 4.4 (medium): Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the…
CVE-2022-29270 — CVSS 4.3 (medium): In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.