
cpe:2.3:a:nagios:nagios_xi:2011:r1.6:*:*:*:*:*:*

part: a version: 2011 update: r1.6

Vendor: Nagios (7fb1328e-019e-51f8-8fa9-c12efadd1bbe)
Product: Nagios Xi (7baa8382-9566-5d4f-a39b-a6738305acfe)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2011-10040 vulnerable 2026-06-03 14:30:52.550279 Nagios XI < 2011R1.9 XSS via Status/Report Page Link Functions
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published: 2025-10-30T21:55:55.168Z
Updated: 2025-11-17T18:21:36.760Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-10039 vulnerable 2026-06-03 14:30:52.549740 Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published: 2025-10-30T21:48:44.152Z
Updated: 2025-11-17T18:21:36.590Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-10038 vulnerable 2026-06-03 14:30:52.549212 Nagios XI < 2011R1.9 XSS via Recurring Downtime Script
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring downtime script of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published: 2025-10-30T21:55:10.682Z
Updated: 2025-11-17T18:21:36.418Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-10037 vulnerable 2026-06-03 14:30:52.548666 Nagios XI < 2011R1.9 XSS via xiwindow Variables Affecting Permalinks
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published: 2025-10-30T21:57:27.150Z
Updated: 2025-12-22T17:24:04.578Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-10036 vulnerable 2026-06-03 14:30:52.548075 Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScript link. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published: 2025-10-30T21:49:05.959Z
Updated: 2025-11-17T18:21:35.913Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-10035 vulnerable 2026-06-03 14:30:52.546446 Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE
Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in execution with higher privileges.
Published: 2025-10-30T21:41:36.116Z
Updated: 2025-11-17T18:21:35.708Z
Imported from gcve-enriched-dumps CVE data
