CVE-2020-36866 Nagios XI < 5.7.3 XSS via Manage Users in Admin Interface

Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting XSS via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2023-7312 Nagios Fusion < 4.2.0 Email Settings Stored XSS via SMTP/sendmail

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...

CVE-2023-7312

Nagios Fusion is affected by a stored XSS in Email Settings for versions prior to 4.2.0. The vulnerability arises from insufficient input sanitization, allowing unsanitized input to be stored and later rendered in the administrative UI, enabling JavaScript execution in the browsers of users viewi...

EUVD-2025-37023

Dell Secure Connect Gateway SCG 5.0 Application and Appliance versions 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API if this REST API is enabled by Admin user from UI. A low privileged attacker with remote...

PT-2025-44549

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the Manage Users page within the Admin interface. This is due to inadequate validation or escaping of...

CVE-2024-45161

CVE-2024-45161 describes a CSRF vulnerability in the administrative web GUI of Blu-Castle BCUM221E running version 1.0.0P220507. The issue can be triggered via a crafted URL, image load, or XMLHttpRequest, potentially leading to exposure of data or unintended code execution. The CVE notes a netwo...

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

CVE-2025-12251

A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted ear...

CVE-2025-12246

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

EUVD-2025-36369

A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function deleteuser of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2025-59151 Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed CRLF injection. When a request is made to a file ending with the .lp extension, t...

CVE-2025-53533

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

EUVD-2025-36367

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

CVE-2025-53533

CVE-2025-53533 affects Pi-hole Admin Interface ≤ 6.2.1. It is a reflected XSS in the 404 page caused by including the requested path in the body tag’s class attribute without proper sanitization, enabling an attacker to craft a link with an onload attribute that executes arbitrary JavaScript in a...

CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting XSS via a malformed URL path. The 404 error page includes t...

CVE-2025-32785

Pi-hole Admin Interface (Pi-hole) versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management. An authenticated user can inject JavaScript by placing a payload in Address when creating or editing a list entry. The XSS is trigge...

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...

EUVD-2025-36328

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting XSS via the Address field in the Subscribed Lists group management section...