XI
by Nagios
CVEs (84)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-13999 | 0.00 | — | 0.01 | Oct 30, 2025 | Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems. | |||
| CVE-2025-56432 | 0.00 | — | 0.01 | Aug 26, 2025 | A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data. | |||
| CVE-2020-5796 | 0.00 | — | 0.00 | Nov 13, 2020 | Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | |||
| CVE-2020-5790 | 0.00 | — | 0.03 | Oct 20, 2020 | Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
- CVE-2024-13999Oct 30, 2025risk 0.00cvss —epss 0.01
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, escalation of privileges, or further compromise of network-integrated systems.
- CVE-2025-56432Aug 26, 2025risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data.
- CVE-2020-5796Nov 13, 2020risk 0.00cvss —epss 0.00
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
- CVE-2020-5790Oct 20, 2020risk 0.00cvss —epss 0.03
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
Page 5 of 5