Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2020-22427

Disclosure Date: February 15, 2021 (last updated November 08, 2023)
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-10819

Disclosure Date: March 22, 2020 (last updated February 21, 2025)
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-10821

Disclosure Date: March 22, 2020 (last updated February 21, 2025)
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-10820

Disclosure Date: March 22, 2020 (last updated February 21, 2025)
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0