Observium CE

CVEs (23)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2024-47002	Observium Observium CE	0.01	—	0.08	Jan 15, 2025	A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.
CVE-2024-47140	Magnolia Ce	0.00	—	0.01	Jan 15, 2025	A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.
CVE-2024-45061	Observium Observium CE	0.00	—	0.01	Jan 15, 2025	A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the…
CVE-2020-25149	Observium Observium CE	0.00	—	0.01	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25148	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of…
CVE-2020-25147	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because…
CVE-2020-25146	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…
CVE-2020-25145	Observium Observium CE	0.00	—	0.01	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25144	Observium Observium CE	0.00	—	0.01	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25143	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=ne…
CVE-2020-25142	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.
CVE-2020-25141	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a…
CVE-2020-25140	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.
CVE-2020-25139	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…
CVE-2020-25138	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via…
CVE-2020-25137	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message…
CVE-2020-25136	Observium Observium CE	0.00	—	0.01	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25135	Observium Observium CE	0.00	—	0.00	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the…
CVE-2020-25134	Observium Observium CE	0.00	—	0.04	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25133	Observium Observium CE	0.00	—	0.01	Sep 25, 2020	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

CVE-2024-47002Jan 15, 2025
Observium
Observium CE
risk 0.01cvss —epss 0.08
A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.
CVE-2024-47140Jan 15, 2025
Magnolia
Ce
risk 0.00cvss —epss 0.01
A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.
CVE-2024-45061Jan 15, 2025
Observium
Observium CE
risk 0.00cvss —epss 0.01
A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the…
CVE-2020-25149Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25148Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of…
CVE-2020-25147Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because…
CVE-2020-25146Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…
CVE-2020-25145Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25144Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25143Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=ne…
CVE-2020-25142Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.
CVE-2020-25141Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a…
CVE-2020-25140Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.
CVE-2020-25139Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…
CVE-2020-25138Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via…
CVE-2020-25137Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message…
CVE-2020-25136Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25135Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.00
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the…
CVE-2020-25134Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.04
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
CVE-2020-25133Sep 25, 2020
Observium
Observium CE
risk 0.00cvss —epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

Page 1 of 2