Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.
Nagios XI versions prior to 2024R2 contain a command injection vulnerability in the WinRM plugin. Insufficient validation of user-supplied parameters allows an authenticated administrator to inject sh
Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local exporting tool. Crafted export requests could (1) inject script into exported/returned content due to
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient valid
Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated admini
Nagios XI versions prior to 2026R1 contain a remote code execution vulnerability in the Core Config Manager (CCM) Run Check command. Insufficient validation/escaping of parameters used to build backe
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quot
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rende
Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface witho
Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attac
Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-con
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3
is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper val
A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can i
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields messag
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying craft
A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article
The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorpo
Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to