CVE-2024-13992

Nagios XI versions prior to 2024R1.1 is vulnerable to a cross-site scripting XSS when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...

EUVD-2024-55061

Nagios XI versions prior to 2024R1.1 is vulnerable to a cross-site scripting XSS when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...

CVE-2024-13992

Nagios XI versions prior to 2024R1.1 is vulnerable to a cross-site scripting XSS when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...

CVE-2024-13992

Nagios XI versions prior to 2024R1.1 are vulnerable to a cross-site scripting (XSS) flaw in the page-missing.php (missing page/404) handler. An attacker can craft a malicious link from another site, which, when clicked by a victim within the Nagios XI domain, executes arbitrary JavaScript in the ...

CVE-2024-13992 Nagios XI < 2024R1.1 XSS via Missing Page / 404

Nagios XI versions prior to 2024R1.1 is vulnerable to a cross-site scripting XSS when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...

CVE-2024-13992 Nagios XI < 2024R1.1 XSS via Missing Page / 404

Nagios XI versions prior to 2024R1.1 is vulnerable to a cross-site scripting XSS when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...

PT-2025-44621

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1 Description A cross-site scripting XSS issue exists in Nagios XI when a user visits the "missing page" 404 page after following a link from another website. The page-missing.php component does not properly...

DEBIAN-CVE-2024-57881

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: don't call pfntopage on possibly non-existent PFN in splitlargebuddy In splitlargebuddy, we might call pfntopage on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last...

UBUNTU-CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

The vulnerability in the library program/lib/Roundcube/rcube_washtml.php of the RoundCube Webmail client allows a malicious user to execute arbitrary JavaScript code.

The vulnerability of the library program/lib/Roundcube/rcubewashtml.php of the RoundCube Webmail client exists because no measures have been taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code through a...

BusyBox 代码问题漏洞

A code issue vulnerability exists in Busybox, a set of applications containing several linux commands and tools developed by Denis Vlasenko, a Ukrainian personal developer, which stems from the fact that the product's man applet does not handle certain input data appropriately. An attacker could...

DEBIAN-CVE-2021-30159

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget uses FOR UPDATE, but it's only called if Title::getArticleID returns non-zero...

CVE-2013-3718

evince is missing a check on number of pages which can lead to a segmentation fault...

DEBIAN-CVE-2005-2336

Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...