Lucene search
K

163 matches found

Cvelist
Cvelist
added 2025/10/30 9:33 p.m.11 views

CVE-2021-47693 Nagios XI < 5.8.5 Core Config Manager (CCM) SQL Injection via Improper Escaping in Search Text

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...

8.7CVSS0.01027EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:32 p.m.5 views

CVE-2021-47694 Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting XSS vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...

5.1CVSS0.00471EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:32 p.m.3 views

CVE-2021-47694 Nagios XI < 5.8.6 Core Config Manager (CCM) Reflected XSS via Test Command

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting XSS vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...

5.1CVSS5.7AI score0.00471EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:32 p.m.14 views

CVE-2021-47694

Nagios XI CCM (Core Config Manager) prior to CCM 3.1.4 / XI 5.8.6 is affected by a reflected XSS via the Test Command feature. The vulnerability stems from insufficient validation/escaping of user input, allowing an attacker to inject and execute arbitrary script in a victim’s browser. Affected c...

6.1CVSS5.7AI score0.00471EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:30 p.m.9 views

CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

9.4CVSS0.02238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/30 9:30 p.m.3 views

CVE-2020-36856 Nagios XI < 5.6.14 Authenticated RCE command_test.php via address

Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM commandtest.php script. Insufficient validation of the address parameter allows an authenticated user with access to the Core Config Manager to inject shell metacharacters that are...

9.4CVSS7.2AI score0.02238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44476

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.2 Nagios XI versions prior to 5.8.4 Description The Core Config Manager CCM in Nagios XI is susceptible to a cross-site scripting XSS issue through the lock page functionality. A lack of proper input...

5.1CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.4 views

PT-2025-44462

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.6.14 Description Nagios XI versions prior to 5.6.14 have an authenticated remote command execution issue in the command test.php script within the Core Config Manager CCM. A lack of proper validation of the addres...

9.4CVSS7.2AI score0.02238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44465

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI has multiple SQL injection flaws present in the object edit pages. The application incorporates unsanitized...

8.8CVSS7.3AI score0.00833EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.4 views

PT-2025-44467

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.5 Core Config Manager CCM versions prior to 3.0.8 Description The Core Config Manager CCM in Nagios XI has multiple cross-site scripting XSS issues in the overlay UI elements and the Notification/Check Period...

5.4CVSS6.1AI score0.00383EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44475

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.8.2 Core Config Manager CCM versions prior to 3.1.1 Description The Core Config Manager CCM in Nagios XI is susceptible to cross-site scripting XSS issues through the Services page. The config name and service...

5.4CVSS6.1AI score0.00407EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.4 views

PT-2025-44473

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.0 Nagios XI versions prior to 5.8.0 Description The Core Config Manager CCM in Nagios XI contains a cross-site scripting XSS issue in the Templates pages. The problem is related to the UI logic that renders...

5.4CVSS6AI score0.00401EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.4 views

PT-2025-44481

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.6 Nagios XI versions prior to 5.8.8 Description The Core Config Manager CCM in Nagios XI is susceptible to a cross-site scripting XSS issue through the search and deletion interfaces. Insufficient validation...

5.4CVSS6AI score0.00383EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.5 views

PT-2025-44478

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.4 Nagios XI versions prior to 5.8.6 Description The Core Config Manager CCM in Nagios XI is subject to a reflected cross-site scripting XSS issue through the Test Command functionality. A lack of proper inpu...

6.1CVSS6AI score0.00471EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.8 views

PT-2025-44474

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.1 Nagios XI versions prior to 5.8.2 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues within Overlay modals. A lack of proper input validation or...

5.4CVSS6.2AI score0.00383EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44466

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues present in the object edit pages. Insufficient validation o...

5.4CVSS6.4AI score0.00383EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2026R1, which stems from insufficient validatio...

9.4CVSS7AI score0.02194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.8 views

PT-2025-44482

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.7 Nagios XI versions prior to 5.8.9 Description The Core Config Manager CCM in Nagios XI is susceptible to a cross-site scripting XSS issue through the Audit Log page search input. A lack of proper input...

5.4CVSS5.9AI score0.00405EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.10 views

PT-2025-44477

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.3 Nagios XI versions prior to 5.8.5 Description The Core Config Manager CCM contains a SQL injection issue in how search text is handled. User-supplied input is not properly sanitized before being used in SQ...

8.8CVSS7.2AI score0.01027EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18467

Malware in sbrugna...

9.8CVSS9.2AI score0.01679EPSS
Exploits0References2
Rows per page
Query Builder