14 matches found
EUVD-2026-36603
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...
CVE-2026-54398
CVE-2026-54398 describes an authorization flaw in MISP's object add/edit handling where an authenticated user with object editing permissions can assign objects or their attributes to a sharing group they are not authorized to view. The root cause is that during object edits the sharing group val...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
EUVD-2020-30813
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...
CVE-2020-36860
CVE-2020-36860 affects Nagios XI: Core Config Manager (CCM) pre-3.0.7 / XI pre-5.7.4, with multiple XSS flaws in object edit pages due to insufficient input validation/escaping. Attackers could inject and execute scripts in a victim’s browser. Remediation provided by vendors: upgrade CCM to 3.0.7...
CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...
CVE-2020-36859
CVE-2020-36859 – Nagios XI CCM SQL Injection Affected product: Nagios XI, Core Config Manager (CCM). Vulnerable in CCM < 3.0.7 and Nagios XI
PT-2025-44466
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues present in the object edit pages. Insufficient validation o...
Absolute Secure Access 安全漏洞
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in Absolute Secure Access versions prior to 13.07 that stems from a cross-site scripting vulnerability in the management...