CVE-2024-13722 – Checkmk NagVis Reflected Cross-site Scripting
https://notcve.org/view.php?id=CVE-2024-13722
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users. • https://checkmk.com/werks?version=2.3.0p10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-13723 – Checkmk NagVis Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-13723
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. • https://checkmk.com/werks?version=2.3.0p10 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-47093 – Fix various XSS issues and potential RCE
https://notcve.org/view.php?id=CVE-2024-47093
19 Dec 2024 — Improper neutralization of input in NagVis before version 1.9.42, which can lead to XSS. • https://github.com/NagVis/nagvis/commit/30e71e8167d17a1828e7da71d6942f6fb36478cd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-46287
https://notcve.org/view.php?id=CVE-2023-46287
20 Oct 2023 — XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. • https://github.com/NagVis/nagvis/compare/nagvis-1.9.37...nagvis-1.9.38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-46945
https://notcve.org/view.php?id=CVE-2022-46945
26 May 2023 — NagVis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. • https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-3979 – NagVis CoreLogonMultisite.php checkAuthCookie type conversion
https://notcve.org/view.php?id=CVE-2022-3979
13 Nov 2022 — A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. • https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 • CWE-704: Incorrect Type Conversion or Cast •
CVE-2021-33178
https://notcve.org/view.php?id=CVE-2021-33178
14 Oct 2021 — The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system. • https://nagvis.org/downloads/changelog/1.9.29 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-6393
https://notcve.org/view.php?id=CVE-2017-6393
02 Mar 2017 — An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. • http://www.securityfocus.com/bid/96537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •