Nagios

Nagios Xi

110 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2025-34227

  • EPSS 0.53%
  • Veröffentlicht 25.09.2025 17:15:38
  • Zuletzt bearbeitet 26.09.2025 14:32:19

Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provide...

8.8

CVE-2024-13986

Exploit
  • EPSS 1.02%
  • Veröffentlicht 28.08.2025 15:49:46
  • Zuletzt bearbeitet 09.09.2025 18:40:57

Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensi...

6.1

CVE-2025-56432

  • EPSS 0.44%
  • Veröffentlicht 26.08.2025 00:00:00
  • Zuletzt bearbeitet 09.09.2025 18:56:36

A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web comp...

8.6

CVE-2012-10029

  • EPSS 64.8%
  • Veröffentlicht 05.08.2025 20:15:33
  • Zuletzt bearbeitet 06.08.2025 16:15:27

Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code e...

6.1

CVE-2024-54957

  • EPSS 0.11%
  • Veröffentlicht 27.02.2025 20:16:01
  • Zuletzt bearbeitet 07.07.2025 17:49:10

Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without ...

6.1

CVE-2024-54958

  • EPSS 1.65%
  • Veröffentlicht 20.02.2025 18:15:25
  • Zuletzt bearbeitet 01.07.2025 15:02:14

Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other ...

6.1

CVE-2024-54959

  • EPSS 1.65%
  • Veröffentlicht 20.02.2025 18:15:25
  • Zuletzt bearbeitet 01.07.2025 15:02:21

Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).

6.5

CVE-2024-54960

  • EPSS 1.82%
  • Veröffentlicht 20.02.2025 18:15:25
  • Zuletzt bearbeitet 07.07.2025 17:46:10

A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component.

6.5

CVE-2024-54961

  • EPSS 2.43%
  • Veröffentlicht 20.02.2025 18:15:25
  • Zuletzt bearbeitet 18.06.2025 23:39:55

Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users.

5.4

CVE-2024-42898

Exploit
  • EPSS 4.26%
  • Veröffentlicht 09.01.2025 20:15:38
  • Zuletzt bearbeitet 24.06.2025 14:27:00

A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.