CVE-2025-34278

Medium CVSS: 5.1

Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a victim views the affected page the injected script executes in the victim's browser context.

Vendor

Nagios

Product

Network Analyzer

CWE

CWE-79

Yayın Tarihi

2025-10-30 22:15:48

Güncelleme

2025-11-06 18:15:26

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Network Analyzer MEDIUM Nagios 2025

Referanslar

https://www.nagios.com/changelog/#network-analyzer https://www.nagios.com/products/security/#network-analyzer https://www.vulncheck.com/advisories/nagios-network-analyzer-source-groups-percentile-calculator-menu-stored-xss

Benzer Kayıtlar

High

CVE-2026-2041

Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allo…

High

CVE-2026-2042

Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote att…

High

CVE-2026-2043

Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerabili…

High

CVE-2025-67254

NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.

High

CVE-2025-67255

In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to…

High

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between s…