Nagvis
CVE-2024-38866
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection
AnalysisAI
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-140. Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection Affected products include: Nagvis. Version information: version 1.9.47.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability was found in NagVis up to 1.9.33 and classified as problematic.php. Rated high severity (CVSS 8.1), this
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path trave
An issue was discovered in NagVis 1.9b12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1)
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. Rated medium severit
CVE-2025-39665 is a security vulnerability (CVSS 5.3) that allows an unauthenticated attacker. Remediation should follow
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1)
Same weakness CWE-140 – Improper Neutralization of Delimiters
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today