cvebase

Nagios XI vulnerabilities

59 known vulnerabilities affecting nagios/xi.

Total CVEs: 59
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 17, MEDIUM 40

Vulnerabilities

Page 3 of 3
CVE-2021-47695 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.0 | 2025-10-30
CVE-2021-47695 [MEDIUM] CWE-79: Nagios XI versions prior to 5.8.0 are vulnerable to stored cross-site scripting (XSS) via the My Tools page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2021-47697 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.0 | 2025-10-30
CVE-2021-47697 [MEDIUM] CWE-79: Nagios XI versions prior to 5.8.0 are vulnerable to cross-site scripting (XSS) via the Views feature URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2011-10036 | P4 | MEDIUM | CVSS 5.4 | fixed in 2011R1.9 | 2025-10-30
CVE-2011-10036 [MEDIUM] CWE-79: Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScript link. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2022-50588 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.9 | 2025-10-30
CVE-2022-50588 [MEDIUM] CWE-79: Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting (XSS) in the update checking feature. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2011-10040 | P4 | MEDIUM | CVSS 5.4 | fixed in 2011R1.9 | 2025-10-30
CVE-2011-10040 [MEDIUM] CWE-79: Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2022-50585 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.9 | 2025-10-30
CVE-2022-50585 [MEDIUM] CWE-79: The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting (XSS) vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2021-47689 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.0 | 2025-10-30
CVE-2021-47689 [MEDIUM] CWE-79: The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contains a cross-site scripting (XSS) vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arb
nvd
CVE-2021-47690 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.2 | 2025-10-30
CVE-2021-47690 [MEDIUM] CWE-79: The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2022-50584 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.8 | 2025-10-30
CVE-2022-50584 [MEDIUM] CWE-79: The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2020-36860 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.7.4 | 2025-10-30
CVE-2020-36860 [MEDIUM] CWE-79: The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS) vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2016-15051 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.2.4 | 2025-10-30
CVE-2016-15051 [MEDIUM] CWE-79: Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2021-47699 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.7 | 2025-10-30
CVE-2021-47699 [MEDIUM] CWE-79: Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting (XSS) via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2011-10039 | P4 | MEDIUM | CVSS 5.4 | fixed in 2011R1.9 | 2025-10-30
CVE-2011-10039 [MEDIUM] CWE-79: Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2020-36861 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.7.5 | 2025-10-30
CVE-2020-36861 [MEDIUM] CWE-79: The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context
nvd
CVE-2013-10074 | P4 | MEDIUM | CVSS 5.4 | fixed in 2012R2.6 | 2025-10-30
CVE-2013-10074 [MEDIUM] CWE-79: Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2021-47698 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.8.7 | 2025-11-03
CVE-2021-47698 [MEDIUM] CWE-79: Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling (escape_string()). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2023-53688 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.11.3 | 2025-10-30
CVE-2023-53688 [MEDIUM] CWE-79: Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the comp
nvd
CVE-2020-36866 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.7.3 | 2025-10-30
CVE-2020-36866 [MEDIUM] CWE-79: Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd
CVE-2018-25121 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.4.13 | 2025-10-30
CVE-2018-25121 [MEDIUM] CWE-79: Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
nvd