GCVE - cpe:2.3:a:nagios:nagios_xi:2012:r1.5:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nagios:nagios_xi:2012:r1.5:*:*:*:*:*:*

part: a version: 2012 update: r1.5

Vendor	Nagios (`7fb1328e-019e-51f8-8fa9-c12efadd1bbe`)
Product	Nagios Xi (`7baa8382-9566-5d4f-a39b-a6738305acfe`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-10074`	vulnerable	2026-06-03 14:32:47.497326	Nagios XI < 2012R2.6 XSS via Tools Menu Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. Published: 2025-10-30T21:56:22.290Z Updated: 2025-11-17T18:21:37.954Z Open on db.gcve.eu Reference links https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-xss-via-tools-menu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-10073`	vulnerable	2026-06-03 14:32:47.496787	Nagios XI < 2012R1.6 Auto-Discovery Shell Command Injection Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to discovery functionality to execute arbitrary commands with the privileges of the application service. Published: 2025-10-30T21:32:22.811Z Updated: 2025-11-17T18:21:37.775Z Open on db.gcve.eu Reference links https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-auto-discovery-shell-command-injection	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-10072`	vulnerable	2026-06-03 14:32:47.496274	Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discovery operations. Published: 2025-10-30T21:32:02.900Z Updated: 2025-11-17T18:21:37.552Z Open on db.gcve.eu Reference links https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-auto-discovery-missing-authorization	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-10071`	vulnerable	2026-06-03 14:32:47.495643	Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. Published: 2025-10-30T21:43:34.559Z Updated: 2025-11-17T18:21:37.382Z Open on db.gcve.eu Reference links https://www.nagios.com/changelog/nagios-xi/ https://www.vulncheck.com/advisories/nagios-xi-reflected-xss-via-dashlet-ajax-load-functionality	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.