VYPR

Log Server

by Nagios

CVEs (26)

  • CVE-2025-29471 | High | Apr 15, 2025
    risk 0.57 | cvss 8.3 | epss 0.06

    Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.

  • CVE-2020-6585 | High | Mar 16, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    Nagios Log Server 2.1.3 has CSRF.

  • CVE-2020-6584 | Medium | Mar 16, 2020
    risk 0.43 | cvss 6.5 | epss 0.04

    Nagios Log Server 2.1.3 has Incorrect Access Control.

  • CVE-2021-35478 | Medium | Jul 30, 2021
    risk 0.41 | cvss 5.4 | epss 0.77

    Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.

  • CVE-2020-25385 | Medium | Jan 20, 2021
    risk 0.41 | cvss 6.1 | epss 0.16

    Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.

  • CVE-2019-15898 | Medium | Sep 3, 2019
    risk 0.40 | cvss 6.1 | epss 0.02

    Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.

  • CVE-2020-6586 | Medium | Mar 16, 2020
    risk 0.37 | cvss 5.4 | epss 0.27

    Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.

  • CVE-2021-35479 | Medium | Jul 30, 2021
    risk 0.36 | cvss 5.4 | epss 0.13

    Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.

  • CVE-2020-16157 | Medium | Jul 30, 2020
    risk 0.36 | cvss 5.4 | epss 0.14

    A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.

  • CVE-2025-34323 | Nov 17, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to…

  • CVE-2025-34322 | Nov 17, 2025
    risk 0.00 | cvss n/a | epss 0.05

    Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability in the experimental 'Natural Language Queries' feature. When this feature is configured, certain user-controlled settings—including model selection and connection…

  • CVE-2023-7321 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser…

  • CVE-2023-7323 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.

  • CVE-2020-36858 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute…

  • CVE-2025-34298 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state,…

  • CVE-2025-34277 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.02

    Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to…

  • CVE-2025-34272 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.01

    In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's…

  • CVE-2025-34273 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.01

    Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling…

  • CVE-2024-58273 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.

  • CVE-2025-34274 | Oct 30, 2025
    risk 0.00 | cvss n/a | epss 0.02

    Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin,…

Page 1 of 2