PT-2024-13752 · Unknown · Vx Search Enterprise

Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14 Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/add command action" API endpoint in the action value variable. This could allow an...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in config.c in config.cgi in 1 Nagios 3.2.3 and 2 Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an a command action or a b hosts action...