Lucene search
K

46 matches found

OSV
OSV
added 2026/05/05 9:53 p.m.5 views

GHSA-FW8G-CG8F-9J28 Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display

Impact In the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels. An attacker who can inject crafted metrics e.g. via a...

6.1CVSS6AI score0.00182EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.20 views

PT-2026-40721

Name of the Vulnerable Software and Affected Versions Prometheus versions 2.49.0 through 3.5.2 Prometheus versions 3.11.0 through 3.11.2 Description In the legacy web UI, which is enabled via the --enable-feature=old-ui command-line flag, the histogram heatmap chart view fails to escape label...

6.1CVSS7.5AI score0.00182EPSS
Exploits0References202
Snyk
Snyk
added 2026/04/13 4:39 p.m.8 views

Cross-site Scripting (XSS)

Overview github.com/prometheus/prometheus/web/ui is a systems and service monitoring system Affected versions of this package are vulnerable to Cross-site Scripting XSS via various UI components whose innerHTML is rendered unsanitized, based on user input. The metric names and label values used b...

6.1CVSS5.3AI score0.0024EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 5:54 p.m.11 views

Malicious code in react-leaflet-heatmap-layer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2352243757a42dafc23c429819f6693b8f9a56799589414bbb527f35b1f7ed35 The package react-leaflet-heatmap-layer was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/22 5:54 p.m.7 views

MAL-2026-2072 Malicious code in react-leaflet-heatmap-layer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2352243757a42dafc23c429819f6693b8f9a56799589414bbb527f35b1f7ed35 The package react-leaflet-heatmap-layer was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/03/19 11:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 9:27 a.m.3 views

CVE-2025-11820 Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...

6.4CVSS4.8AI score0.00227EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.8 views

CVE-2011-10039

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...

5.4CVSS6.2AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2011-5268

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...

5.1CVSS5.7AI score0.00383EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2011-10039

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...

5.4CVSS0.00383EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:48 p.m.15 views

CVE-2011-10039

CVE-2011-10039 affects Nagios XI versions prior to 2011R1.9. The issue is a cross-site scripting (XSS) vulnerability in the web interface, exploitable via the Alert Heatmap report and the “My Reports” listing due to insufficient input validation/escaping. The Red Hat and ENISA records corroborate...

5.4CVSS5.8AI score0.00383EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:48 p.m.7 views

CVE-2011-10039 Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...

5.1CVSS0.00383EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:48 p.m.4 views

CVE-2011-10039 Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing

Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...

5.1CVSS5.8AI score0.00383EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2011R1.9 that stems from insufficient validatio...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44530

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2011R1.9 Description Nagios XI versions prior to 2011R1.9 are susceptible to cross-site scripting XSS. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...

5.4CVSS6.2AI score0.00383EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in rinobot-plugin-interactive-heatmap (npm)

The package rinobot-plugin-interactive-heatmap was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in rinobot-heatmap (npm)

The package rinobot-heatmap was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-32244 Malicious code in rinobot-plugin-interactive-heatmap (npm)

The package rinobot-plugin-interactive-heatmap was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-32243 Malicious code in rinobot-heatmap (npm)

The package rinobot-heatmap was found to contain malicious code...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/09 12:0 a.m.7 views

Privacy-Utility-Fairness: a Balanced Approach to Vehicular-Traffic Management System

Location-based vehicular traffic management faces significant challenges in protecting sensitive geographical data while maintaining utility for traffic management and fairness across regions. Existing state-of-the-art solutions often fail to meet the required level of protection against linkage...

6.8AI score
Exploits0
Rows per page
Query Builder