Nagios Fusion

19 CVEs affecting Nagios Fusion. Latest disclosed: 2025-10-30. Critical: 6, High: 5.

Top CVEs affecting Nagios Fusion
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-28908 | Critical | 9.8 | 2021-05-24 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios. |
| CVE-2020-28907 | Critical | 9.8 | 2021-05-24 | Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to do… |
| CVE-2020-28904 | Critical | 9.8 | 2021-05-24 | Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component co… |
| CVE-2020-28902 | Critical | 9.8 | 2021-05-24 | Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php. |
| CVE-2020-28901 | Critical | 9.8 | 2021-05-24 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component install… |
| CVE-2020-28900 | Critical | 9.8 | 2021-05-24 | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code E… |
| CVE-2020-28909 | High | 8.8 | 2021-05-24 | Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are abl… |
| CVE-2020-28906 | High | 8.8 | 2021-05-24 | Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are… |
| CVE-2020-28905 | High | 8.8 | 2021-05-24 | Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. |
| CVE-2025-60425 | High | 8.6 | 2025-10-27 | Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attac… |
| CVE-2025-60424 | High | 7.6 | 2025-10-27 | A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce att… |
| CVE-2020-28911 | Medium | 6.5 | 2021-05-24 | Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the… |
| CVE-2018-25119 | Medium | 6.1 | 2025-10-30 | Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient validation or escaping of use… |
| CVE-2017-20209 | Medium | 6.1 | 2025-10-30 | Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficient validation or escaping of user… |
| CVE-2020-28903 | Medium | 6.1 | 2021-05-24 | Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control over a fused server to inject arbitrary HTML, aka XSS. |
| CVE-2018-12501 | Medium | 6.1 | 2018-06-16 | Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. |
| CVE-2023-7312 | Medium | 4.8 | 2025-10-30 | Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user inp… |
| CVE-2023-53690 | Medium | 4.8 | 2025-10-30 | Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized… |
| CVE-2023-53689 | Medium | 4.8 | 2025-10-30 | Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow that can result in exe… |