Vulnerabilities for 'Nagios xi'

2019-03-28
 
CVE-2019-9167

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.

 
 
CVE-2019-9166

CWE-264
 

 
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.

 
 
CVE-2019-9165

CWE-89
 

 
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and a malicious user id.

 
 
CVE-2019-9164

CWE-77
 

 
Command injection in Nagios XI before 5.5.11 allows an authenticated user to execute arbitrary remote commands via a new autodiscovery job.

 
2018-12-17
 
CVE-2018-20172

CWE-79
 

 
An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.

 
 
CVE-2018-20171

CWE-79
 

 
An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.

 
2018-11-14
 
CVE-2018-15714

CWE-79
 

 
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.

 
 
CVE-2018-15713

CWE-79
 

 
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

 
 
CVE-2018-15712

CWE-79
 

 
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.

 
 
CVE-2018-15711

CWE-264
 

 
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.

 


Copyright 2019, cxsecurity.com

 
