Nagios

Fusion

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-20209

  • EPSS 0.43%
  • Veröffentlicht 30.10.2025 21:22:07
  • Zuletzt bearbeitet 06.11.2025 18:23:03

Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context...

6.1

CVE-2018-25119

  • EPSS 0.43%
  • Veröffentlicht 30.10.2025 21:21:46
  • Zuletzt bearbeitet 06.11.2025 18:22:07

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the contex...

4.8

CVE-2023-53689

  • EPSS 0.13%
  • Veröffentlicht 30.10.2025 21:20:59
  • Zuletzt bearbeitet 06.11.2025 18:21:58

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. Wh...

4.8

CVE-2023-53690

  • EPSS 1.9%
  • Veröffentlicht 30.10.2025 21:20:37
  • Zuletzt bearbeitet 06.11.2025 18:20:19

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript t...

4.8

CVE-2023-7312

  • EPSS 0.41%
  • Veröffentlicht 30.10.2025 21:19:51
  • Zuletzt bearbeitet 06.11.2025 18:20:11

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute...

8.1

CVE-2025-34269

  • EPSS 0.29%
  • Veröffentlicht 30.10.2025 21:19:26
  • Zuletzt bearbeitet 07.11.2025 19:16:13

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60424.

9.8

CVE-2025-34249

  • EPSS 1.56%
  • Veröffentlicht 30.10.2025 21:19:05
  • Zuletzt bearbeitet 07.11.2025 19:15:47

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60425.

8.6

CVE-2025-60425

  • EPSS 2.09%
  • Veröffentlicht 27.10.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 20:55:29

Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.

7.6

CVE-2025-60424

  • EPSS 0.35%
  • Veröffentlicht 27.10.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 21:00:24

A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.

9

CVE-2020-28909

Exploit
  • EPSS 1%
  • Veröffentlicht 24.05.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 05:23:16

Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.