Nagvis
Monthly
CVE-2025-39665 is a security vulnerability (CVSS 5.3) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A vulnerability was found in NagVis up to 1.9.33 and classified as problematic.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in NagVis 1.9b12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
CVE-2025-39665 is a security vulnerability (CVSS 5.3) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
A vulnerability was found in NagVis up to 1.9.33 and classified as problematic.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered in NagVis 1.9b12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.