Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-28803PUBLISHED: 2022-06-29In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
CVE-2022-29269PUBLISHED: 2022-06-29In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
CVE-2022-29270PUBLISHED: 2022-06-29In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
CVE-2022-29271PUBLISHED: 2022-06-29In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
CVE-2022-29272PUBLISHED: 2022-06-29In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
User Rank: Ninja
1/24/2019 | 1:14:57 AM