178 matches found
CVE-2020-25146
Observium Professional/Enterprise/Community (version 20.8.10631) is affected by a Cross-Site Scripting (XSS) vulnerability. The issue arises from storing malicious JavaScript via the la_id parameter to the /syslog_rules (edit_syslog_rule) endpoint. Root cause: input injection leads to potential s...
CVE-2020-25145
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...
CVE-2020-25145
CVE-2020-25145 affects Observium Professional, Enterprise & Community (version 20.8.10631). The issue is a directory traversal and local file inclusion vulnerability caused by unrestricted loading of any file with an inc.php extension. An attacker can trigger inclusion via URIs such as /device/de...
CVE-2020-25144
CVE-2020-25144 affects Observium (Professional, Enterprise & Community) 20.8.10631. The issue is a directory traversal/local file inclusion flaw caused by an unrestricted ability to load any file with an inc.php extension, enabling inclusion of other files and, per CNVD/CNVD-2020-62450, potential...
CVE-2020-25144
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files even though...
CVE-2020-25143
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/deviceentities.php?entitytype=netscalervsvr&devicei...
CVE-2020-25142
Observium (Professional, Enterprise & Community) 20.8.10631 is affected by a CSRF vulnerability: links/forms lack an unpredictable CSRF token, allowing forged requests such as adding Device Settings via the /addsrv URI. The issue is documented across multiple sources (NVD and CVE records). No rem...
CVE-2020-25142
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI...
CVE-2020-25141
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI...
CVE-2020-25141
Observium (Professional, Enterprise & Community) version 20.8.10631 is affected by a stored Cross-Site Scripting (XSS) vulnerability. The issue arises from the ability to inject and store malicious JavaScript via the URI path /device/device=140/tab=wifi/view=, enabling script execution in context...
CVE-2020-25138
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alertcheck/action=deletealertchecker/alerttestid=...
CVE-2020-25138
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alertcheck/action=deletealertchecker/alerttestid=...
CVE-2020-25140
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php...
CVE-2020-25137
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alertname or alertmessage parameter to the...
CVE-2020-25140
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php...
CVE-2020-25139
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...
CVE-2020-25139
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...
CVE-2020-25137
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alertname or alertmessage parameter to the...
Cross site scripting
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via laid to the /syslogrules URI for deletesyslogrule,...
Cross site scripting
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting XSS due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php...