NagvisCVEs & Vulnerabilities

9 CVEs affecting Nagvis products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

nagvis 9
CVE-2025-39665MEDIUM

User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

3 Dec 2025
5.3
CVSS
CVE-2024-47090MEDIUM

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS

27 May 2025
6.1
CVSS
CVE-2024-38866HIGH

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection

27 May 2025
7.5
CVSS
CVE-2024-47093MEDIUM

Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS

19 Dec 2024
6.1
CVSS
CVE-2023-46287MEDIUM

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.

20 Oct 2023
6.1
CVSS
CVE-2022-46945MEDIUMpoc

Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.

26 May 2023
6.5
CVSS
CVE-2022-3979HIGH

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability.

14 Nov 2022
8.1
CVSS
CVE-2021-33178MEDIUM

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.

14 Oct 2021
6.5
CVSS
CVE-2017-6393MEDIUM

An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

2 Mar 2017
6.1
CVSS
← PrevPage 1 / 1Next →