Lucene search
+L

178 matches found

CVE
CVE
added 2020/09/25 5:44 p.m.55 views

CVE-2020-25146

Observium Professional/Enterprise/Community (version 20.8.10631) is affected by a Cross-Site Scripting (XSS) vulnerability. The issue arises from storing malicious JavaScript via the la_id parameter to the /syslog_rules (edit_syslog_rule) endpoint. Root cause: input injection leads to potential s...

6.1CVSS5.9AI score0.00843EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/25 5:42 p.m.16 views

CVE-2020-25145

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...

8.8AI score0.03234EPSS
Exploits0References1
CVE
CVE
added 2020/09/25 5:42 p.m.54 views

CVE-2020-25145

CVE-2020-25145 affects Observium Professional, Enterprise & Community (version 20.8.10631). The issue is a directory traversal and local file inclusion vulnerability caused by unrestricted loading of any file with an inc.php extension. An attacker can trigger inclusion via URIs such as /device/de...

8.8CVSS8.6AI score0.03234EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/25 5:38 p.m.50 views

CVE-2020-25144

CVE-2020-25144 affects Observium (Professional, Enterprise & Community) 20.8.10631. The issue is a directory traversal/local file inclusion flaw caused by an unrestricted ability to load any file with an inc.php extension, enabling inclusion of other files and, per CNVD/CNVD-2020-62450, potential...

8.8CVSS8.6AI score0.03234EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/25 5:38 p.m.23 views

CVE-2020-25144

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...

8.8AI score0.03234EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/25 5:35 p.m.25 views

CVE-2020-25143

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/deviceentities.php?entitytype=netscalervsvr&devicei...

9AI score0.01193EPSS
Exploits0References1
CVE
CVE
added 2020/09/25 5:33 p.m.54 views

CVE-2020-25142

Observium (Professional, Enterprise & Community) 20.8.10631 is affected by a CSRF vulnerability: links/forms lack an unpredictable CSRF token, allowing forged requests such as adding Device Settings via the /addsrv URI. The issue is documented across multiple sources (NVD and CVE records). No rem...

6.5CVSS6.5AI score0.00508EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/25 5:33 p.m.25 views

CVE-2020-25142

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI...

6.5AI score0.00508EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/25 5:31 p.m.21 views

CVE-2020-25141

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI...

5.9AI score0.007EPSS
Exploits1References1
CVE
CVE
added 2020/09/25 5:31 p.m.50 views

CVE-2020-25141

Observium (Professional, Enterprise & Community) version 20.8.10631 is affected by a stored Cross-Site Scripting (XSS) vulnerability. The issue arises from the ability to inject and store malicious JavaScript via the URI path /device/device=140/tab=wifi/view=, enabling script execution in context...

6.1CVSS5.9AI score0.007EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/09/25 5:15 p.m.4 views

CVE-2020-25138

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alertcheck/action=deletealertchecker/alerttestid=...

6.1CVSS5.8AI score0.007EPSS
Exploits1References1
NVD
NVD
added 2020/09/25 5:15 p.m.17 views

CVE-2020-25138

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alertcheck/action=deletealertchecker/alerttestid=...

6.1CVSS0.007EPSS
Exploits1References1
OSV
OSV
added 2020/09/25 5:15 p.m.3 views

CVE-2020-25140

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php...

6.1CVSS6.4AI score0.00641EPSS
Exploits0References1
OSV
OSV
added 2020/09/25 5:15 p.m.9 views

CVE-2020-25137

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alertname or alertmessage parameter to the...

6.1CVSS5.8AI score0.007EPSS
Exploits1References1
NVD
NVD
added 2020/09/25 5:15 p.m.19 views

CVE-2020-25140

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php...

6.1CVSS0.00641EPSS
Exploits0References1
NVD
NVD
added 2020/09/25 5:15 p.m.28 views

CVE-2020-25139

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...

6.1CVSS0.007EPSS
Exploits1References1
OSV
OSV
added 2020/09/25 5:15 p.m.6 views

CVE-2020-25139

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2020/09/25 5:15 p.m.20 views

CVE-2020-25137

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alertname or alertmessage parameter to the...

6.1CVSS0.007EPSS
Exploits1References1
Prion
Prion
added 2020/09/25 5:15 p.m.20 views

Cross site scripting

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...

4.3CVSS5.9AI score0.007EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/09/25 5:15 p.m.21 views

Cross site scripting

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php...

4.3CVSS5.8AI score0.00641EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder