Observium
Products
1- 23 CVEs
Recent CVEs
23| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25147 | Cri | 0.64 | 9.8 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because… | ||
| CVE-2020-25132 | Cri | 0.64 | 9.8 | 0.02 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass… | ||
| CVE-2024-47002 | Hig | 0.58 | 8.7 | 0.14 | Jan 15, 2025 | A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker. | ||
| CVE-2024-47140 | Hig | 0.57 | 8.7 | 0.01 | Jan 15, 2025 | A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. | ||
| CVE-2024-45061 | Hig | 0.57 | 8.7 | 0.01 | Jan 15, 2025 | A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the… | ||
| CVE-2020-25149 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other… | ||
| CVE-2020-25145 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other… | ||
| CVE-2020-25144 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other… | ||
| CVE-2020-25143 | Hig | 0.57 | 8.8 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=ne… | ||
| CVE-2020-25136 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other… | ||
| CVE-2020-25134 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other… | ||
| CVE-2020-25133 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other… | ||
| CVE-2020-25142 | Med | 0.42 | 6.5 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI. | ||
| CVE-2020-25130 | Med | 0.42 | 6.5 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass… | ||
| CVE-2020-25148 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of… | ||
| CVE-2020-25146 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for… | ||
| CVE-2020-25141 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a… | ||
| CVE-2020-25140 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. | ||
| CVE-2020-25139 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for… | ||
| CVE-2020-25138 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via… |
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because…
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass…
- risk 0.58cvss 8.7epss 0.14
A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.
- risk 0.57cvss 8.7epss 0.01
A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.
- risk 0.57cvss 8.7epss 0.01
A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=ne…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via…