Lucene search
K

14 matches found

EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2026-36603

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:8 p.m.13 views

CVE-2026-54398

CVE-2026-54398 describes an authorization flaw in MISP's object add/edit handling where an authenticated user with object editing permissions can assign objects or their attributes to a sharing group they are not authorized to view. The root cause is that during object edits the sharing group val...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.10 views

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.4CVSS6.3AI score0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 12:30 a.m.5 views

EUVD-2020-30813

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.1CVSS5.8AI score0.00383EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.4 views

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.4CVSS0.00383EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 10:15 p.m.5 views

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:34 p.m.4 views

CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.1CVSS5.9AI score0.00383EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:34 p.m.5 views

CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.1CVSS0.00383EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:34 p.m.12 views

CVE-2020-36860

CVE-2020-36860 affects Nagios XI: Core Config Manager (CCM) pre-3.0.7 / XI pre-5.7.4, with multiple XSS flaws in object edit pages due to insufficient input validation/escaping. Attackers could inject and execute scripts in a victim’s browser. Remediation provided by vendors: upgrade CCM to 3.0.7...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/30 9:33 p.m.4 views

CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...

8.7CVSS7.1AI score0.00833EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:33 p.m.8 views

CVE-2020-36859 Nagios XI < 5.7.4 Core Config Manager (CCM) SQL Injection via Object Edit Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple SQL injection vulnerabilities in the object edit pages. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to...

8.7CVSS0.00833EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:33 p.m.20 views

CVE-2020-36859

CVE-2020-36859 – Nagios XI CCM SQL Injection Affected product: Nagios XI, Core Config Manager (CCM). Vulnerable in CCM &lt; 3.0.7 and Nagios XI

8.8CVSS7.1AI score0.00833EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44466

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.0.7 Nagios XI versions prior to 5.7.4 Description The Core Config Manager CCM in Nagios XI is susceptible to multiple cross-site scripting XSS issues present in the object edit pages. Insufficient validation o...

5.4CVSS6.4AI score0.00383EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.3 views

Absolute Secure Access 安全漏洞

Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in Absolute Secure Access versions prior to 13.07 that stems from a cross-site scripting vulnerability in the management...

4.5CVSS5.9AI score0.00252EPSS
Exploits0References2
Rows per page
Query Builder