4 matches found
CVE-2026-28378 Cross-Organization Public Dashboard Deletion via Missing Org Isolation
The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...
CVE-2025-34277
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...
CVE-2025-34277 Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashboard ID
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...
PT-2020-12784 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.7.0 iTop essential and iTop professional versions prior to 2.6.4 Description: The issue allows dashboard ids to be exploited with a reflective XSS payload. Recommendations: For versions prior to 2.7.0, update to versi...