10 matches found
EUVD-2020-30813
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
CVE-2020-36860 affects Nagios XI: Core Config Manager (CCM) pre-3.0.7 / XI pre-5.7.4, with multiple XSS flaws in object edit pages due to insufficient input validation/escaping. Attackers could inject and execute scripts in a victim’s browser. Remediation provided by vendors: upgrade CCM to 3.0.7...
CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
CVE-2020-36859
CVE-2020-36859 – Nagios XI CCM SQL Injection Affected product: Nagios XI, Core Config Manager (CCM). Vulnerable in CCM < 3.0.7 and Nagios XI
CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
PT-2025-44466
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues present in the object edit pages. Insufficient validation o...