
33 matches found

EUVD
added 2026/04/07 3:30 p.m. · 2 views

EUVD-2026-19605

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows an attacker with dashboard creation privileges to perform stored cross-site scripting (XSS) attacks by tricking...

CVSS 8.5 · AI score 5.8 · EPSS 0.00035
Exploits: 0 · References: 2
NVD
added 2026/04/07 1:16 p.m. · 2 views

CVE-2026-3466

Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting (XSS) attacks by tricking a...

CVSS 8.5 · EPSS 0.00035
Exploits: 0 · References: 3
CVE
added 2026/04/07 12:08 p.m. · 7 views

CVE-2026-3466

CVE-2026-3466 affects Checkmk dashboards where dashlet title links are not properly sanitized, enabling stored XSS when a user with dashboard creation privileges creates a shared dashboard. Affected versions include Checkmk 2.2.0 (EOL), 2.3.0 before 2.3.0p46, 2.4.0 before 2.4.0p25, and 2.5.0 (bet...

CVSS 8.5 · AI score 4.8 · EPSS 0.00035
Exploits: 0 · References: 3 · Affected Software: 1
ATTACKERKB
added 2026/03/22 1:38 p.m. · 2 views

CVE-2019-25592

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

CVSS 6.9 · AI score 6 · EPSS 0.00006
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2026/03/22 12:00 a.m. · 2 views

PT-2026-26980

PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an...

CVSS 6.9 · AI score 6 · EPSS 0.00006
Exploits: 0 · References: 5
Positive Technologies
added 2026/01/15 12:00 a.m. · 2 views

PT-2026-2986

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: A security issue exists in the /apis/dashboard.grafana.app/ API endpoints, allowing authenticated users to bypass dashboard and folder permissions. This affects all API versions v0alpha1,...

CVSS 8.3 · AI score 6.1 · EPSS 0.00037
Exploits: 0 · References: 11
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-6289

Malware in sbrugna...

CVSS 4 · AI score 6.4 · EPSS 0.00135
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-24354

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 5.1 · EPSS 0.00373
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-3204

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 6.9 · EPSS 0.0014
Exploits: 0 · References: 7
OSV
added 2025/07/03 12:15 p.m. · 1 view

CVE-2025-27448

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 6
RedhatCVE
added 2025/05/22 11:21 p.m. · 0 views

CVE-2022-38172

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard...

CVSS 6.1 · AI score 6.3 · EPSS 0.00448
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 5:25 p.m. · 3 views

CVE-2020-11454

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the...

CVSS 5.4 · AI score 5.1 · EPSS 0.00504
Exploits: 3 · References: 1
OSV
added 2025/02/05 7:26 a.m. · 4 views

BIT-SUPERSET-2023-49734 Apache Superset: Privilege Escalation Vulnerability

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2...

CVSS 7.7 · AI score 6.8 · EPSS 0.0014
Exploits: 0 · References: 3
UbuntuCve
added 2024/03/18 5:15 p.m. · 26 views

CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

CVSS 4.8 · AI score 5.7 · EPSS 0.00373
Exploits: 0 · References: 4
Positive Technologies
added 2024/03/18 12:00 a.m. · 3 views

PT-2024-3278 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.13. Description: The issue is related to improper input neutralization during web page creation, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. A user with rights to create and share...

CVSS 10 · AI score 6.5 · EPSS 0.94395
Exploits: 26 · References: 160
GithubExploit
added 2023/12/23 2:02 p.m. · 62 views

Exploit for Authorization Bypass Through User-Controlled Key in Zabbix

CVE-2019-17382 - Zabbix Authentication Bypass A critical vuln...

CVSS 9.1 · AI score 7.5 · EPSS 0.93689
Exploits: 5
0day.today
added 2023/10/15 12:00 a.m. · 1002 views

Apache Superset 2.0.0 Remote Code Execution Exploit

Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their userid to that of an administrator, and re-sign the cooki...

CVSS 9.8 · AI score 7.7 · EPSS 0.84244
Exploits: 20
Metasploit
added 2023/10/13 7:50 p.m. · 687 views

Apache Superset Signed Cookie RCE

Apache Superset versions use exploit/linux/http/apachesupersetcookiesigrce msf exploitapachesupersetcookiesigrce show targets ...targets... msf exploitapachesupersetcookiesigrce set TARGET msf exploitapachesupersetcookiesigrce show options ...show and set options... msf...

CVSS 9.8 · AI score 7.3 · EPSS 0.84026
Exploits: 20
SUSE CVE
added 2023/02/15 4:07 a.m. · 1 view

SUSE CVE-2019-17382

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements...

CVSS 9.1 · AI score 9.1 · EPSS 0.93689
Exploits: 5 · References: 3
OSV
added 2022/10/13 11:15 p.m. · 0 views

CVE-2022-35611

A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards...

CVSS 4.3 · AI score 5.8 · EPSS 0.00121
Exploits: 1 · References: 1