2 matches found
CVE-2019-11454
CVE-2019-11454 affects Monit before 5.25.3, with a persistent cross‑site scripting (XSS) flaw in http/cervlet.c that could be triggered via an unsanitized user field in the Authorization header during an _viewlog operation. Connected advisories show multiple distributions addressing this with fix...
CVE-2016-7067
The CVE-2016-7067 issue affects Monit prior to version 5.20.0, where a cross-site request forgery (CSRF) flaw allows an attacker to disable/enable monitoring for a host or a specific service. Public sources (NVD and OpenVAS feeds) describe the vulnerability in Monit’s monitoring control, with CVS...