46 matches found
GHSA-FW8G-CG8F-9J28 Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display
Impact In the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels. An attacker who can inject crafted metrics e.g. via a...
PT-2026-40721
Name of the Vulnerable Software and Affected Versions Prometheus versions 2.49.0 through 3.5.2 Prometheus versions 3.11.0 through 3.11.2 Description In the legacy web UI, which is enabled via the --enable-feature=old-ui command-line flag, the histogram heatmap chart view fails to escape label...
Cross-site Scripting (XSS)
Overview github.com/prometheus/prometheus/web/ui is a systems and service monitoring system Affected versions of this package are vulnerable to Cross-site Scripting XSS via various UI components whose innerHTML is rendered unsanitized, based on user input. The metric names and label values used b...
Malicious code in react-leaflet-heatmap-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2352243757a42dafc23c429819f6693b8f9a56799589414bbb527f35b1f7ed35 The package react-leaflet-heatmap-layer was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2072 Malicious code in react-leaflet-heatmap-layer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2352243757a42dafc23c429819f6693b8f9a56799589414bbb527f35b1f7ed35 The package react-leaflet-heatmap-layer was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
CVE-2025-11820 Graphina – Elementor Charts and Graphs <= 3.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Widgets
The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticat...
CVE-2011-10039
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...
EUVD-2011-5268
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...
CVE-2011-10039
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...
CVE-2011-10039
CVE-2011-10039 affects Nagios XI versions prior to 2011R1.9. The issue is a cross-site scripting (XSS) vulnerability in the web interface, exploitable via the Alert Heatmap report and the “My Reports” listing due to insufficient input validation/escaping. The Red Hat and ENISA records corroborate...
CVE-2011-10039 Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...
CVE-2011-10039 Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “My Reports” Listing
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting XSS via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2011R1.9 that stems from insufficient validatio...
PT-2025-44530
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2011R1.9 Description Nagios XI versions prior to 2011R1.9 are susceptible to cross-site scripting XSS. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary...
Malicious code in rinobot-plugin-interactive-heatmap (npm)
The package rinobot-plugin-interactive-heatmap was found to contain malicious code...
Malicious code in rinobot-heatmap (npm)
The package rinobot-heatmap was found to contain malicious code...
MAL-2025-32244 Malicious code in rinobot-plugin-interactive-heatmap (npm)
The package rinobot-plugin-interactive-heatmap was found to contain malicious code...
MAL-2025-32243 Malicious code in rinobot-heatmap (npm)
The package rinobot-heatmap was found to contain malicious code...
Privacy-Utility-Fairness: a Balanced Approach to Vehicular-Traffic Management System
Location-based vehicular traffic management faces significant challenges in protecting sensitive geographical data while maintaining utility for traffic management and fairness across regions. Existing state-of-the-art solutions often fail to meet the required level of protection against linkage...