Nagiosxi
by Nagios
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10735 | 0.07 | — | 0.86 | May 16, 2018 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | |||
| CVE-2018-10736 | 0.07 | — | 0.83 | May 16, 2018 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | |||
| CVE-2019-9164 | 0.05 | — | 0.62 | Mar 28, 2019 | Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | |||
| CVE-2018-10738 | 0.05 | — | 0.67 | May 16, 2018 | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. | |||
| CVE-2019-9167 | 0.01 | — | 0.14 | Mar 28, 2019 | Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | |||
| CVE-2019-9165 | 0.01 | — | 0.06 | Mar 28, 2019 | SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id. | |||
| CVE-2019-9166 | 0.00 | — | 0.00 | Mar 28, 2019 | Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | |||
| CVE-2018-20171 | 0.00 | — | 0.04 | Dec 17, 2018 | An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability. |
- CVE-2018-10735May 16, 2018risk 0.07cvss —epss 0.86
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
- CVE-2018-10736May 16, 2018risk 0.07cvss —epss 0.83
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
- CVE-2019-9164Mar 28, 2019risk 0.05cvss —epss 0.62
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
- CVE-2018-10738May 16, 2018risk 0.05cvss —epss 0.67
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
- CVE-2019-9167Mar 28, 2019risk 0.01cvss —epss 0.14
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
- CVE-2019-9165Mar 28, 2019risk 0.01cvss —epss 0.06
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
- CVE-2019-9166Mar 28, 2019risk 0.00cvss —epss 0.00
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
- CVE-2018-20171Dec 17, 2018risk 0.00cvss —epss 0.04
An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.