Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

XI — Vulnerabilities & Security Advisories 77

All 77 CVE vulnerabilities found in XI, with AI-generated Chinese analysis, references, and POCs.

Vendor: Nagios

CVE IDTitleCVSSSeverityPublished
CVE-2020-36863 Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory CWE-434 8.8AIHighAI2025-10-30
CVE-2020-36862 Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Highcharts CWE-79 6.1AIMediumAI2025-10-30
CVE-2022-50587 Nagios XI < 5.8.9 Stored XSS via Command Names in Apply Config Error Text CWE-79 4.8AIMediumAI2025-10-30
CVE-2022-50586 Nagios XI < 5.8.9 Stored XSS via BPI Info URL CWE-79 4.8AIMediumAI2025-10-30
CVE-2022-50588 Nagios XI < 5.8.9 Stored XSS in Update Checking CWE-79 4.8AIMediumAI2025-10-30
CVE-2020-36869 Nagios XI < 5.7.5 SQL injection via SNMP Trap Interface Edit Page CWE-89 7.2AIHighAI2025-10-30
CVE-2016-15050 Nagios XI < 5.2.4 SQL Injection in Notification Search CWE-89 8.1AIHighAI2025-10-30
CVE-2024-13996 Nagios XI < 2024R1.1.3 Session Not Invalidated After Password Change CWE-613 9.8AICriticalAI2025-10-30
CVE-2024-13993 Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on Older Browsers CWE-79 6.1AIMediumAI2025-10-30
CVE-2013-10071 Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality CWE-79 6.1AIMediumAI2025-10-30
CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard CWE-78 7.2AIHighAI2025-10-30
CVE-2025-34286 Nagios XI < 2026R1 RCE via Run Check Command in CCM CWE-78 7.2AIHighAI2025-10-30
CVE-2024-14003 Nagios XI < 2024R1.2 RCE via NRDP Server Plugins CWE-78 9.8AICriticalAI2025-10-30
CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI) CWE-78 7.2AIHighAI2025-10-30
CVE-2011-10035 Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE CWE-367 7.0AIHighAI2025-10-30
CVE-2024-14009 Nagios XI < 2024R1.0.1 Privilege Escalation via System Profile CWE-269 7.2AIHighAI2025-10-30
CVE-2024-14004 Nagios XI < 2024R1.2 Privilege Escalation via NagVis Configuration (nagvis.conf) CWE-269 7.8AIHighAI2025-10-30
CVE-2018-25123 Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphing Component CWE-250 7.8AIHighAI2025-10-30
CVE-2020-36868 Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script CWE-73 7.8AIHighAI2025-10-30
CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl CWE-732 7.8AIHighAI2025-10-30
CVE-2025-34135 Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files CWE-732 7.8AIHighAI2025-10-30
CVE-2021-47700 Nagios XI < 5.8.7 Insecure Permissions on Highcharts Temporary Directory CWE-250 7.8AIHighAI2025-10-30
CVE-2024-14006 Nagios XI < 2024R1.2.2 Host Header Injection CWE-346 5.4AIMediumAI2025-10-30
CVE-2018-25122 Nagios XI < 5.4.13 Component Download Page RCE CWE-78 8.8AIHighAI2025-10-30
CVE-2024-14005 Nagios XI < 2024R1.2 Command Injection via Docker Wizard CWE-78 7.2AIHighAI2025-10-30
CVE-2020-36867 Nagios XI < 5.7.3 Command Injection in Report PDF Download CWE-78 8.8AIHighAI2025-10-30
CVE-2021-47689 Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages CWE-79 5.4AIMediumAI2025-10-30
CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page CWE-79 5.4AIMediumAI2025-10-30
CVE-2022-50584 Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows CWE-79 6.1AIMediumAI2025-10-30
CVE-2020-36861 Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period Pages CWE-79 6.1AIMediumAI2025-10-30

All 77 known CVE vulnerabilities affecting XI with full Chinese analysis, references, and POCs where available.