Low severityNVD Advisory· Published May 17, 2025· Updated May 19, 2025
LibreNMS stored Cross-site Scripting vulnerability in poller group name
CVE-2025-47931
Description
LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the group name parameter of the http://localhost/poller/groups form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
librenms/librenmsPackagist | < 25.5.0 | 25.5.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-hxw5-9cc5-cmw5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-47931ghsaADVISORY
- github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.phpghsax_refsource_MISCWEB
- github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062ghsax_refsource_MISCWEB
- github.com/librenms/librenms/pull/17603ghsax_refsource_MISCWEB
- github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.