Nagios XI 5.7.5
Approved changes feed: RSS · Atom
cpe:2.3:a:nagios:nagios_xi:5.7.5:*:*:*:*:*:*:*
part: a version: 5.7.5 update: *
| Vendor | Nagios (7fb1328e-019e-51f8-8fa9-c12efadd1bbe) |
|---|---|
| Product | Nagios Xi (7baa8382-9566-5d4f-a39b-a6738305acfe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-25299 |
vulnerable | 2026-06-03 14:44:04.994781 |
Details available
Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.
Published: 2021-02-15T12:32:03.000Z
Updated: 2024-08-03T20:03:04.120Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25298 |
vulnerable | 2026-06-03 14:44:04.994430 |
Details available
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Published: 2021-02-15T00:00:00.000Z
Updated: 2025-10-21T23:35:26.568Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25297 |
vulnerable | 2026-06-03 14:44:04.993920 |
Details available
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Published: 2021-02-15T00:00:00.000Z
Updated: 2025-10-21T23:35:27.009Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25296 |
vulnerable | 2026-06-03 14:44:04.992698 |
Details available
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
Published: 2021-02-15T00:00:00.000Z
Updated: 2025-10-21T23:35:27.410Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.