CVSS: 5.4EPSS: 3%CPEs: 1EXPL: 0CVE-2020-27991
https://notcve.org/view.php?id=CVE-2020-27991
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). Nagios XI versiones anteriores a 5.7.5, es vulnerable a un ataque de tipo XSS en Account Information (campo Email) • https://www.nagios.com/downloads/nagios-xi/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 3%CPEs: 1EXPL: 0CVE-2020-27990
https://notcve.org/view.php?id=CVE-2020-27990
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). Nagios XI versiones anteriores a 5.7.5, es vulnerable a un ataque de tipo XSS en la herramienta Deployment (add agent) • https://www.nagios.com/downloads/nagios-xi/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 3%CPEs: 1EXPL: 0CVE-2020-27989
https://notcve.org/view.php?id=CVE-2020-27989
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). Nagios XI versiones anteriores a 5.7.5, es vulnerable a un ataque de tipo XSS en Dashboard Tools (Panel Edit) • https://www.nagios.com/downloads/nagios-xi/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 3%CPEs: 1EXPL: 0CVE-2020-27988
https://notcve.org/view.php?id=CVE-2020-27988
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). Nagios XI versiones anteriores a 5.7.5, es vulnerable a un ataque de tipo XSS en Manage Users (campo Username) • https://www.nagios.com/downloads/nagios-xi/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 14%CPEs: 1EXPL: 2CVE-2020-28648 – Nagios XI / Fusion Privilege Escalation / Cross Site Scripting / Code Execution
https://notcve.org/view.php?id=CVE-2020-28648
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. Una comprobación inapropiada de entrada en el componente Auto-Discovery de Nagios XI versiones anteriores a 5.7.5, permite a un atacante autenticado ejecutar código remoto Skylight Cyber has identified a total of 13 vulnerabilities in Nagios XI and Nagios Fusion servers. These include remote code execution, cross site scripting, privilege escalation, and more. • http://packetstormsecurity.com/files/162783/Nagios-XI-Fusion-Privilege-Escalation-Cross-Site-Scripting-Code-Execution.html https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you https://www.nagios.com/downloads/nagios-xi/change-log • CWE-20: Improper Input Validation •