Nagvis
by Nagvis
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6175 | | Critical | 0.68 | 9.8 | 0.20 | | Feb 7, 2017 | Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. |
| CVE-2022-46945 | | Critical | 0.55 | 9.1 | 0.04 | | May 26, 2023 | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. |
| CVE-2024-13723 | | High | 0.47 | 7.2 | 0.01 | | Feb 4, 2025 | The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. |
| CVE-2024-38866 | | High | 0.42 | 7.5 | 0.00 | | May 27, 2025 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection |
| CVE-2021-33178 | | Medium | 0.42 | 6.5 | 0.02 | | Oct 14, 2021 | The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system. |
| CVE-2024-47090 | | Medium | 0.40 | 6.1 | 0.00 | | May 27, 2025 | Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS |
| CVE-2017-6393 | | Medium | 0.40 | 6.1 | 0.01 | | Mar 2, 2017 | An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context… |
| CVE-2024-13722 | | Medium | 0.35 | 5.4 | 0.01 | | Feb 4, 2025 | The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated… |
| CVE-2025-39665 | | | 0.00 | — | 0.00 | | Dec 3, 2025 | User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames. |
| CVE-2024-47093 | | High | 0.00 | 8.8 | 0.01 | | Dec 19, 2024 | Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS |
| CVE-2023-46287 | | Medium | 0.00 | 6.1 | 0.01 | | Oct 20, 2023 | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. |
| CVE-2022-3979 | | Medium | 0.00 | 5.6 | 0.01 | | Nov 13, 2022 | A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may… |