Vulnerabilities > Nagvis > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2023-46287 Cross-site Scripting vulnerability in Nagvis
XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.
network
low complexity
nagvis CWE-79
6.1
6.1
2023-05-26 CVE-2022-46945 Path Traversal vulnerability in Nagvis
Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.
network
low complexity
nagvis CWE-22
6.5
6.5
2021-10-14 CVE-2021-33178 Path Traversal vulnerability in Nagvis
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability.
network
low complexity
nagvis CWE-22
6.5
6.5
2017-03-02 CVE-2017-6393 Cross-site Scripting vulnerability in Nagvis 1.9
An issue was discovered in NagVis 1.9b12.
network
low complexity
nagvis CWE-79
6.1
6.1