19 matches found
EUVD-2020-17821
Malware in sbrugna...
EUVD-2020-17832
Malware in sbrugna...
EUVD-2020-17828
Malware in sbrugna...
CVE-2020-25146
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for editsyslogrule...
CVE-2020-25144
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...
CVE-2020-25141
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI...
CVE-2020-25148
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php...
CVE-2020-25149
CVE-2020-25149 affects Observium (Professional/Enterprise/Community) v20.8.10631. The issue is a directory traversal and local file inclusion vulnerability due to unrestricted loading of files with an inc.php extension, enabling inclusion of files via /device/device=345/?tab=health&metric=../ (du...
CVE-2020-25146
Observium Professional/Enterprise/Community (version 20.8.10631) is affected by a Cross-Site Scripting (XSS) vulnerability. The issue arises from storing malicious JavaScript via the la_id parameter to the /syslog_rules (edit_syslog_rule) endpoint. Root cause: input injection leads to potential s...
CVE-2020-25145
CVE-2020-25145 affects Observium Professional, Enterprise & Community (version 20.8.10631). The issue is a directory traversal and local file inclusion vulnerability caused by unrestricted loading of any file with an inc.php extension. An attacker can trigger inclusion via URIs such as /device/de...
CVE-2020-25138
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alertcheck/action=deletealertchecker/alerttestid=...
CVE-2020-25138
Observium (Professional/Enterprise/Community) 20.8.10631 is affected by a Cross-Site Scripting (XSS) vulnerability. The issue arises from storing malicious JavaScript via /alert_check/action=delete_alert_checker/alert_test_id= in pages/alert_check.inc.php. This CVE is supported by multiple connec...
CVE-2020-25137
CVE-2020-25137 affects Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) via the alert_check URI, allowing injection and storage of malicious JavaScript through the alert_name or alert_message parameters. Affected component: the alert_check ...
CVE-2020-25137
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alertname or alertmessage parameter to the...
CVE-2020-25136
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...
CVE-2020-25135
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graphtitle parameter to the graphs/ URI...
CVE-2020-25134
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...
CVE-2020-25135
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graphtitle parameter to the graphs/ URI...
Cross site scripting
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the rolename or roledescr parameter to the roles/ URI...