Lucene search
K

181 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:24 p.m.7 views

CVE-2018-12501

Nagios Fusion before 4.1.4 has XSS, aka TPS13332-13335...

6.1CVSS7AI score0.01679EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:8 p.m.4 views

CVE-2023-53690

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

6.2CVSS5.9AI score0.00781EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:8 p.m.8 views

CVE-2018-25119

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting XSS via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

6.1CVSS6.2AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2023-53689

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting XSS vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly...

6CVSS5.8AI score0.00807EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2023-7312

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...

6.2CVSS5.7AI score0.00915EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2017-20209

Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting XSS via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

6.1CVSS6.2AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.5 views

CVE-2025-34249

Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication 2FA implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try...

9.8CVSS6.9AI score0.01561EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.3 views

CVE-2025-34269

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication 2FA. As a result, an adversary who has obtained a valid session could continue using the active session after t...

8.6CVSS7AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.4 views

EUVD-2025-37225

Nagios Fusion versions prior to 2024R2.1 contain a brute-force bypass in the Two-Factor Authentication 2FA implementation. The application did not properly enforce rate limiting or account lockout for repeated failed 2FA verification attempts, allowing a remote attacker to repeatedly try...

9.3CVSS6.3AI score0.01561EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.6 views

EUVD-2025-37224

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication 2FA. As a result, an adversary who has obtained a valid session could continue using the active session after t...

8.6CVSS6.5AI score0.00292EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 12:30 a.m.5 views

EUVD-2018-21610

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting XSS via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.6AI score0.00471EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/31 12:30 a.m.4 views

EUVD-2017-18925

Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting XSS via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.6AI score0.00471EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.3 views

CVE-2025-34269

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60424...

0.00292EPSS
Exploits0
NVD
NVD
added 2025/10/30 10:15 p.m.13 views

CVE-2025-34249

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60425...

0.01561EPSS
Exploits0
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2023-53689

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting XSS vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly...

6CVSS0.00807EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.5 views

CVE-2023-53690

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

6.2CVSS0.00781EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2023-7312

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...

6.2CVSS0.00915EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.5 views

CVE-2023-53689

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting XSS vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly...

4.8CVSS5.8AI score0.00807EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.5 views

CVE-2023-53690

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...

4.8CVSS5.8AI score0.00781EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2023-7312

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...

4.8CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder