← Back

Nxlog

nxlog

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Nxlog Manager
nxlog_manager
Nxlog
nxlog

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Nxlog
1Nxlog Manager
Jun 17, 2026
Oct 3, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The v...Show more
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.Show less
1Nxlog
1Nxlog Manager
Jun 17, 2026
Oct 3, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query...Show more
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests.Show less
1Nxlog
1Nxlog Manager
Jun 17, 2026
Oct 3, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sa...Show more
Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.Show less
1Nxlog
1Nxlog
Jun 17, 2026
Jan 5, 2021
N/A· v4
7.5 HIGH· v3
4.3 MEDIUM· v2
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a s...Show more
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)Show less