VYPR

Core Config Manager

by Nagios

CVEs (6)

  • CVE-2021-47691Oct 30, 2025
    risk 0.00cvss epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting (XSS) vulnerabilities via the Services page affecting the config_name and service_description fields. Insufficient validation or escaping of…

  • CVE-2022-50584Oct 30, 2025
    risk 0.00cvss epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.6 / Nagios XI 5.8.8 contains a cross-site scripting (XSS) vulnerability via the search and deletion interfaces. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and…

  • CVE-2020-36861Oct 30, 2025
    risk 0.00cvss epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting (XSS) vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input…

  • CVE-2020-36860Oct 30, 2025
    risk 0.00cvss epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting (XSS) vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute…

  • CVE-2021-47693Oct 30, 2025
    risk 0.00cvss epss 0.01

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing…

  • CVE-2021-47694Oct 30, 2025
    risk 0.00cvss epss 0.00

    The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a reflected cross-site scripting (XSS) vulnerability via the Test Command functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject…

VYPR — Vulnerability Intelligence