CVE-2026-3466 Cross-site scripting in dashlet title

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

CVE-2024-33775

CVE-2024-33775 concerns Nagios XI 2024R1.01 where the Autodiscover component is vulnerable to privilege escalation via a crafted Dashlet. Red Hat and CVE listings describe a remote attacker gaining high-privilege/root access through manipulation of the Dashlet (e.g., RSS dashlet) in Nagios XI. Pu...

PT-2024-25473 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI version 2024R1.01 Description: An issue with the Autodiscover component in Nagios XI allows a remote attacker to escalate privileges via a crafted Dashlet. Recommendations: For Nagios XI version 2024R1.01, consider disabling the...