VYPR

Vendor CVEs

Observium

All CVEs

23 total · sorted by risk
  • CVE-2020-25147CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because…

  • CVE-2020-25132CriSep 25, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass…

  • CVE-2024-47002HigJan 15, 2025
    risk 0.58cvss 8.7epss 0.14

    A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.

  • CVE-2024-47140HigJan 15, 2025
    risk 0.57cvss 8.7epss 0.01

    A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.

  • CVE-2024-45061HigJan 15, 2025
    risk 0.57cvss 8.7epss 0.01

    A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the…

  • CVE-2020-25149HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25145HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25144HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25143HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=ne…

  • CVE-2020-25136HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25134HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25133HigSep 25, 2020
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…

  • CVE-2020-25142MedSep 25, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.

  • CVE-2020-25130MedSep 25, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass…

  • CVE-2020-25148MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of…

  • CVE-2020-25146MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…

  • CVE-2020-25141MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a…

  • CVE-2020-25140MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.

  • CVE-2020-25139MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for…

  • CVE-2020-25138MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via…

  • CVE-2020-25137MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message…

  • CVE-2020-25135MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the…

  • CVE-2020-25131MedSep 25, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr…