Fibranet: >> Monitorix Security Vulnerabilities
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
CVSS Score
9.8
EPSS Score
0.014
Published
2021-01-27
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.
CVSS Score
9.8
EPSS Score
0.046
Published
2019-12-31
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-31
Monitorix before 3.10.1 allows XSS via CGI variables.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-08-02