
CVE-2024-47090 – XSS via WYSIWYG editor
https://notcve.org/view.php?id=CVE-2024-47090
27 May 2025 — Improper neutralization of input in NagVis before version 1.9.47 which can lead to XSS • https://www.nagvis.org/downloads/changelog/1.9.47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-38866 – Livestatus Injection in dynmaps
https://notcve.org/view.php?id=CVE-2024-38866
27 May 2025 — Improper neutralization of input in NagVis before version 1.9.47 which can lead to livestatus injection • https://github.com/NagVis/nagvis/pull/398/commits/8d5d07e22dfca78df7420ac81cffff6f45ca9694 • CWE-140: Improper Neutralization of Delimiters •

CVE-2024-13722 – Checkmk NagVis Reflected Cross-site Scripting
https://notcve.org/view.php?id=CVE-2024-13722
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users. • https://packetstorm.news/files/id/189008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13723 – Checkmk NagVis Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-13723
04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. • https://packetstorm.news/files/id/189009 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2024-47093 – Fix various XSS issues and potential RCE
https://notcve.org/view.php?id=CVE-2024-47093
19 Dec 2024 — Improper neutralization of input in NagVis before version 1.9.42 which can lead to XSS • https://github.com/NagVis/nagvis/commit/30e71e8167d17a1828e7da71d6942f6fb36478cd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-46287
https://notcve.org/view.php?id=CVE-2023-46287
20 Oct 2023 — XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. • https://github.com/NagVis/nagvis/compare/nagvis-1.9.37...nagvis-1.9.38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-46945 – NagVis 1.9.33 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2022-46945
26 May 2023 — NagVis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. NagVis version 1.9.33 suffers from an arbitrary file read vulnerability. • https://packetstorm.news/files/id/190498 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2022-3979 – NagVis CoreLogonMultisite.php checkAuthCookie type conversion
https://notcve.org/view.php?id=CVE-2022-3979
13 Nov 2022 — A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. • https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 • CWE-704: Incorrect Type Conversion or Cast •

CVE-2021-33178
https://notcve.org/view.php?id=CVE-2021-33178
14 Oct 2021 — The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system. • https://nagvis.org/downloads/changelog/1.9.29 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2017-6393
https://notcve.org/view.php?id=CVE-2017-6393
02 Mar 2017 — An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. • http://www.securityfocus.com/bid/96537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •