Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10737 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | |||||
| CVE-2018-10736 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | |||||
| CVE-2018-10735 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||
| CVE-2018-10553 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings. | |||||