Skip to main content

Nagvis

8 CVEs product

Monthly

CVE-2025-39665 MEDIUM PATCH This Month

CVE-2025-39665 is a security vulnerability (CVSS 5.3) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian Nagvis
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-47090 MEDIUM This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagvis
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2024-38866 MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nagvis
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-47093 MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nagvis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46287 MEDIUM PATCH This Month

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Nagvis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-3979 HIGH POC PATCH This Week

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure PHP Nagvis
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-33178 MEDIUM This Month

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nagvis
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2017-6393 MEDIUM PATCH This Month

An issue was discovered in NagVis 1.9b12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Nagvis
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CVE-2025-39665 is a security vulnerability (CVSS 5.3) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagvis
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nagvis
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nagvis
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Nagvis
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure PHP Nagvis
NVD GitHub VulDB
EPSS 2% CVSS 6.5
MEDIUM This Month

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nagvis
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in NagVis 1.9b12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Nagvis
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy