Nagios Nagios Xi

11 CVEs affecting Nagios Nagios Xi. Latest disclosed: 2025-09-25. Critical: 0, High: 0.

Top CVEs affecting Nagios Nagios Xi
CVESeverityScorePublishedSummary
CVE-2025-342272025-09-25Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, a…
CVE-2024-139862025-08-28Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config S…
CVE-2021-331792021-10-14The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who acc…
CVE-2021-331772021-10-14The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authe…
CVE-2018-157142018-11-14Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
CVE-2018-157132018-11-14Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2018-157122018-11-14Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
CVE-2018-157112018-11-14Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key t…
CVE-2018-157102018-11-14Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVE-2018-157092018-11-14Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-157082018-11-14Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.