Nagios Xi vulnerabilities
192 known vulnerabilities affecting nagios/nagios_xi.
Total CVEs: 192
CISA KEV: 4 (actively exploited)
Public exploits: 26
Exploited in wild: 6
Severity breakdown: CRITICAL 27, HIGH 71, MEDIUM 94
Vulnerabilities
Page 10 of 10
CVE-2020-36866 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.7.2 | 2025-10-30
Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2018-25121 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.4.13 | 2025-10-30
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2022-38249 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v5.8.6 | 2022-09-07
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the MTR component in version 1.0.4.
nvd
CVE-2022-38254 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.8.7 | 2022-09-07
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
nvd
CVE-2022-38248 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.8.7 | 2022-09-07
Nagios XI before v5.8.7 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
nvd
CVE-2024-54959 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v2024 | 2025-02-20
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).
nvd
CVE-2024-42898 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v2024 | 2025-01-09
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.
nvd
CVE-2022-29270 | P4 | MEDIUM | CVSS 4.3 | CWE-306 | ≤ 5.8.5 | 2022-06-29
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
nvd
CVE-2025-34135 | P4 | MEDIUM | CVSS 4.4 | CWE-732 | fixed in 2024 | v2024 | 2025-10-30
Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by enabling unintended execution behaviors or facilitati
nvd
CVE-2018-17147 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 5.5.4 | 2019-07-10
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
nvd
CVE-2022-38247 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v5.8.6 | 2022-09-07
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Settings page under the Admin panel.
nvd
CVE-2022-38251 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v5.8.6 | 2022-09-07
Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS) vulnerability via the System Performance Settings page under the Admin panel.
nvd