5 matches found
CVE-2021-28924
CVE-2021-28924 affects Nagios Network Analyzer prior to 2.4.2. The issue is a Self Authenticated XSS in the nagiosna/groups/queries page. The vulnerability is a client-side scripting flaw that can be triggered by an authenticated user interacting with the affected page, potentially leading to arb...
CVE-2021-28925
Nagios Network Analyzer prior to version 2.4.3 contains a SQL injection vulnerability in the o[col] parameter of api/checks/read/. The issue is due to improper input handling that allows arbitrary SQL execution, potentially enabling an attacker to read and modify database data. Multiple sources c...
CVE-2025-34280
The CVE-2025-34280 affects Nagios Network Analyzer versions prior to 2024R2.0.1. The LDAP certificate management feature fails to sanitize inputs, enabling an authenticated administrator to trigger remote code execution on the host within the web application service privileges. Impact is remote c...
CVE-2025-34278
CVE-2025-34278 affects Nagios Network Analyzer (versions prior to 2024R1). The issue is a stored XSS in the Source Groups page (percentile calculator menu) where an attacker-supplied payload is stored and later rendered in other users’ browsers, executing in the victim’s context. The redhat/europ...
CVE-2023-7319
Nagios Network Analyzer versions prior to 2024R1 are affected by a cross-site scripting (XSS) vulnerability in the Percentile Calculator menu. The root cause is insufficient validation or escaping of user-supplied input, which can allow an attacker to inject and execute arbitrary script in a vict...