Vulnerabilities > Xymon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-27 | CVE-2019-13274 | Cross-site Scripting vulnerability in multiple products In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. | 4.3 |
| 2016-04-13 | CVE-2016-2056 | Command Injection vulnerability in multiple products xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | 6.5 |
| 2016-04-13 | CVE-2016-2055 | Information Exposure vulnerability in multiple products xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | 5.0 |
| 2013-10-11 | CVE-2013-4173 | Path Traversal vulnerability in Xymon Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. | 5.0 |
| 2011-04-18 | CVE-2011-1716 | Cross-Site Scripting vulnerability in Xymon Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |