Observium Security Vulnerabilities and Issues — Observium CVE List

Lucene search

ObserviumObservium

23 matches found

CVE•added 2020/09/25 2:15 p.m.•68 views

CVE-2020-25130

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injecti...

6.5CVSS7AI score0.00297EPSS

CVE•added 2020/09/25 3:15 p.m.•68 views

CVE-2020-25132

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection...

9.8CVSS9.7AI score0.00351EPSS

CVE•added 2020/09/25 6:15 p.m.•63 views

CVE-2020-25148

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2020/09/25 3:15 p.m.•50 views

CVE-2020-25134

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limit...

8.8CVSS8.6AI score0.03608EPSS

CVE•added 2025/01/15 3:15 p.m.•48 views

CVE-2024-47140

A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.

8.7CVSS6.6AI score0.001EPSS

CVE•added 2020/09/25 3:15 p.m.•45 views

CVE-2020-25133

8.8CVSS8.6AI score0.01032EPSS

CVE•added 2020/09/25 3:15 p.m.•44 views

CVE-2020-25135

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2025/01/15 3:15 p.m.•44 views

CVE-2024-45061

A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.

8.7CVSS6.6AI score0.00135EPSS

CVE•added 2020/09/25 6:15 p.m.•43 views

CVE-2020-25145

8.8CVSS8.6AI score0.01032EPSS

CVE•added 2020/09/25 6:15 p.m.•43 views

CVE-2020-25146

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.

6.1CVSS5.9AI score0.00317EPSS

CVE•added 2020/09/25 6:15 p.m.•41 views

CVE-2020-25142

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.

6.5CVSS6.5AI score0.00117EPSS

CVE•added 2020/09/25 5:15 p.m.•40 views

CVE-2020-25139

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule,...

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2020/09/25 6:15 p.m.•40 views

CVE-2020-25149

8.8CVSS8.6AI score0.01032EPSS

CVE•added 2020/09/25 5:15 p.m.•39 views

CVE-2020-25137

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /aler...

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2020/09/25 6:15 p.m.•39 views

CVE-2020-25143

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_...

8.8CVSS8.9AI score0.00257EPSS

CVE•added 2020/09/25 2:15 p.m.•38 views

CVE-2020-25131

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ UR...

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2020/09/25 3:16 p.m.•38 views

CVE-2020-25136

8.8CVSS8.6AI score0.01284EPSS

CVE•added 2020/09/25 6:15 p.m.•38 views

CVE-2020-25141

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2020/09/25 6:15 p.m.•38 views

CVE-2020-25144

8.8CVSS8.6AI score0.01032EPSS

CVE•added 2020/09/25 5:15 p.m.•36 views

CVE-2020-25138

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id...

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2020/09/25 6:15 p.m.•36 views

CVE-2020-25147

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authent...

9.8CVSS9.7AI score0.00366EPSS

CVE•added 2020/09/25 5:15 p.m.•35 views

CVE-2020-25140

6.1CVSS5.9AI score0.00359EPSS

CVE•added 2025/01/15 3:15 p.m.•32 views

CVE-2024-47002

A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.

8.7CVSS7.3AI score0.0016EPSS