9 matches found
CVE-2026-3466
Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...
UBUNTU-CVE-2026-3466
Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking a...
CVE-2026-3466
Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 EOL, Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 beta before 2.5.0b3 allows an attacker with dashboard creation privileges to perform stored cross-site scripting XSS attacks by tricking...
CVE-2013-10071
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting XSS vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
EUVD-2013-7286
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting XSS vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
CVE-2013-10071
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting XSS vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
CVE-2013-10071 Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting XSS vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
CVE-2013-10071 Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Load Functionality
Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting XSS vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's...
SUSE CVE-2018-18249
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=$PATH$APACHERUNDIR$APACHERUNUSER parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet...