VYPR

Librenms

by Librenms

Source repositories

CVEs (90)

  • CVE-2024-50351Nov 15, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution…

  • CVE-2024-50350Nov 15, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This…

  • CVE-2024-49764Nov 15, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new…

  • CVE-2024-49759Nov 15, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "bill_name" parameter when creating a new bill.…

  • CVE-2024-49758Nov 15, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be…

  • CVE-2024-49754Nov 15, 2024
    risk 0.00cvss epss 0.70

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This…

  • CVE-2024-47523Oct 1, 2024
    risk 0.00cvss epss 0.01

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields…

  • CVE-2024-47524Oct 1, 2024
    risk 0.00cvss epss 0.01

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is…

  • CVE-2024-47525Oct 1, 2024
    risk 0.00cvss epss 0.26

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the…

  • CVE-2024-47526Oct 1, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon…

  • CVE-2024-47527Oct 1, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This…

  • CVE-2024-47528Oct 1, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can…

  • CVE-2024-32480Apr 22, 2024
    risk 0.00cvss epss 0.20

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and…

  • CVE-2024-32479Apr 22, 2024
    risk 0.00cvss epss 0.34

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.

  • CVE-2024-32461Apr 22, 2024
    risk 0.00cvss epss 0.19

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this…

  • CVE-2023-46745Nov 17, 2023
    risk 0.00cvss epss 0.01

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain…

  • CVE-2023-48294Nov 17, 2023
    risk 0.00cvss epss 0.01

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access…

  • CVE-2023-48295Nov 17, 2023
    risk 0.00cvss epss 0.01

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been…

  • CVE-2023-5591Oct 16, 2023
    risk 0.00cvss epss 0.22

    SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.

  • CVE-2023-5060Sep 19, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.