Lucene search
K

163 matches found

OSV
OSV
added 2025/10/30 10:15 p.m.5 views

CVE-2021-47689

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...

5.4CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.7 views

CVE-2021-47693

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...

8.8CVSS0.01027EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2021-47690

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 10:15 p.m.3 views

CVE-2020-36859

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...

8.8CVSS5.8AI score0.00833EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.5 views

CVE-2020-36856

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

9.4CVSS0.02238EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36861

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.4CVSS0.00383EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2020-36859

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...

8.8CVSS0.00833EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 p.m.5 views

CVE-2020-36861

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

5.4CVSS0.00383EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 10:15 p.m.6 views

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:42 p.m.7 views

CVE-2025-34286 Nagios XI < 2026R1 RCE via Run Check Command in CCM

Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager CCM Run Check command. Insufficient validation/escaping of parameters used to build backend command lines allows an authenticated administrator to inject shell metacharacters that are...

9.4CVSS0.02194EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:42 p.m.30 views

CVE-2025-34286

Nagios XI

9.4CVSS7.9AI score0.02194EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:36 p.m.6 views

CVE-2021-47689 Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...

5.1CVSS0.00401EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:36 p.m.2 views

CVE-2021-47689 Nagios XI < 5.8.0 Core Config Manager (CCM) XSS via Templates Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.0 / Nagios XI 5.8.0 contais a cross-site scripting XSS vulnerability in the Templates pages, specifically in the UI logic that renders and handles the Active/Actions buttons. Insufficient validation or escaping of user-supplied...

5.1CVSS5.6AI score0.00401EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:36 p.m.12 views

CVE-2021-47689

The CVE covers Nagios XI with Core Config Manager (CCM) vulnerable prior to CCM 3.1.0 / Nagios XI 5.8.0. Root cause is insufficient validation/escaping in the Templates pages UI logic that renders Active/Actions buttons, enabling cross-site scripting (XSS) via user-supplied input. Reported impact...

5.4CVSS5.6AI score0.00401EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:36 p.m.5 views

CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...

5.1CVSS0.00407EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:36 p.m.13 views

CVE-2021-47691

The Nagios XI Core Config Manager (CCM) is affected by cross-site scripting (XSS) vulnerabilities in CCM prior to 3.1.1 and Nagios XI prior to 5.8.2. The issue arises from insufficient validation/escaping of user-supplied input in the Services page, specifically the config_name and service_descri...

5.4CVSS5.9AI score0.00407EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/30 9:36 p.m.4 views

CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...

5.1CVSS5.9AI score0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:36 p.m.6 views

CVE-2022-50584 Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting XSS vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script ...

5.1CVSS0.00383EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:36 p.m.2 views

CVE-2022-50584 Nagios XI < 5.8.8 Core Config Manager (CCM) XSS via Search & Deletion Flows

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting XSS vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script ...

5.1CVSS5.7AI score0.00383EPSS
Exploits0References2
Rows per page
Query Builder