Lucene search
K

5 matches found

CVE
CVE
added 2021/04/08 12:57 p.m.50 views

CVE-2021-28924

CVE-2021-28924 affects Nagios Network Analyzer prior to 2.4.2. The issue is a Self Authenticated XSS in the nagiosna/groups/queries page. The vulnerability is a client-side scripting flaw that can be triggered by an authenticated user interacting with the affected page, potentially leading to arb...

6.1CVSS5.9AI score0.09246EPSS
CVE
CVE
added 2021/04/08 12:57 p.m.47 views

CVE-2021-28925

Nagios Network Analyzer prior to version 2.4.3 contains a SQL injection vulnerability in the o[col] parameter of api/checks/read/. The issue is due to improper input handling that allows arbitrary SQL execution, potentially enabling an attacker to read and modify database data. Multiple sources c...

9.8CVSS9.7AI score0.04217EPSS
Web
CVE
CVE
added 2025/10/30 9:27 p.m.15 views

CVE-2025-34280

The CVE-2025-34280 affects Nagios Network Analyzer versions prior to 2024R2.0.1. The LDAP certificate management feature fails to sanitize inputs, enabling an authenticated administrator to trigger remote code execution on the host within the web application service privileges. Impact is remote c...

8.6CVSS7.7AI score0.01302EPSS
CVE
CVE
added 2025/10/30 9:28 p.m.14 views

CVE-2025-34278

CVE-2025-34278 affects Nagios Network Analyzer (versions prior to 2024R1). The issue is a stored XSS in the Source Groups page (percentile calculator menu) where an attacker-supplied payload is stored and later rendered in other users’ browsers, executing in the victim’s context. The redhat/europ...

5.4CVSS5.3AI score0.00689EPSS
CVE
CVE
added 2025/10/30 9:28 p.m.7 views

CVE-2023-7319

Nagios Network Analyzer versions prior to 2024R1 are affected by a cross-site scripting (XSS) vulnerability in the Percentile Calculator menu. The root cause is insufficient validation or escaping of user-supplied input, which can allow an attacker to inject and execute arbitrary script in a vict...

5.4CVSS5.8AI score0.00466EPSS