Test ID:	1.3.6.1.4.1.25623.1.0.803168
Category:	Web application abuses
Title:	Nagios XI 2012R1.5, 2012R1.5b Multiple Vulnerabilities
Summary:	Nagios XI is prone to multiple vulnerabilities.
Description:	Summary: Nagios XI is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Input passed via the 'xiwindow' GET parameter to admin/index.php is not properly verified before being used to be displayed as iframe. - Input passed via multiple GET parameters to various scripts is not properly sanitized before being returned to the user. - The application allows users to perform certain actions via HTTP requests without properly verifying the requests. - Input passed via the 'address' POST parameter to includes/components/autodiscovery/index.php (when 'mode' is set to 'newjob', 'update' is set to '1', and 'job' is set to '-1') is not properly verified before being used. This can be exploited to inject and execute arbitrary shell commands. Vulnerability Impact: Successful exploitation will allow remote attackers to conduct spoofing, cross-site scripting and cross-site request forgery attacks. Affected Software/OS: Nagios XI versions 2012R1.5 and 2012R1.5b. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.