cpe:2.3:a:nagios:nagios_xi:2012:*:*:*:*:*:*:*
part: a version: 2012 update: *
| Vendor | Nagios (7fb1328e-019e-51f8-8fa9-c12efadd1bbe) |
|---|---|
| Product | Nagios Xi (7baa8382-9566-5d4f-a39b-a6738305acfe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2013-10074 | vulnerable | 2026-06-03 14:32:47.497197 | Nagios XI < 2012R2.6 XSS via Tools Menu. Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. Published: 2025-10-30T21:56:22.290Z. Updated: 2025-11-17T18:21:37.954Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-10073 | vulnerable | 2026-06-03 14:32:47.496664 | Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection. Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitization or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary commands with the privileges of the application service. Published: 2025-10-30T21:32:22.811Z. Updated: 2025-11-17T18:21:37.775Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-10072 | vulnerable | 2026-06-03 14:32:47.496132 | Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization. Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discovery operations. Published: 2025-10-30T21:32:02.900Z. Updated: 2025-11-17T18:21:37.552Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2013-10071 | vulnerable | 2026-06-03 14:32:47.492018 | Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality. Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. Published: 2025-10-30T21:43:34.559Z. Updated: 2025-11-17T18:21:37.382Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2012-10063 | vulnerable | 2026-06-03 14:31:40.868577 | Nagios XI < 2012R1.3 Authenticated SQL Injection in Legacy CCM. Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in the application database. Successful exploitation could disclose or modify notification data and, in some cases, impact the application database more broadly. Published: 2025-10-30T21:31:21.797Z. Updated: 2025-11-24T20:28:50.030Z | Imported from gcve-enriched-dumps CVE data |