sT0wn-nl

4 exploits Active since Jun 2022
CVE-2022-29269 WRITEUP MEDIUM WRITEUP
Nagios XI <= 5.8.5 - Authenticated Cross-Site Scripting in Schedule Report Function
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
CVSS 6.5
CVE-2022-29270 WRITEUP MEDIUM WRITEUP
Nagios XI <= 5.8.5 - Unauthenticated Email Address Change
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
CVSS 4.3
CVE-2022-29271 WRITEUP MEDIUM WRITEUP
Nagios XI <5.8.5 - Privilege Escalation
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
CVSS 6.5
CVE-2022-29272 WRITEUP MEDIUM WRITEUP
Nagios XI <= 5.8.5 - Open Redirect via Login Function
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVSS 6.1