Librenms
by Librenms
Source repositories
CVEs (90)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-50351 | 0.00 | — | 0.00 | Nov 15, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution… | |||
| CVE-2024-50350 | 0.00 | — | 0.00 | Nov 15, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This… | |||
| CVE-2024-49764 | 0.00 | — | 0.00 | Nov 15, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new… | |||
| CVE-2024-49759 | 0.00 | — | 0.00 | Nov 15, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "bill_name" parameter when creating a new bill.… | |||
| CVE-2024-49758 | 0.00 | — | 0.00 | Nov 15, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be… | |||
| CVE-2024-49754 | 0.00 | — | 0.70 | Nov 15, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This… | |||
| CVE-2024-47523 | 0.00 | — | 0.01 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields… | |||
| CVE-2024-47524 | 0.00 | — | 0.01 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is… | |||
| CVE-2024-47525 | 0.00 | — | 0.26 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the… | |||
| CVE-2024-47526 | 0.00 | — | 0.00 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon… | |||
| CVE-2024-47527 | 0.00 | — | 0.00 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This… | |||
| CVE-2024-47528 | 0.00 | — | 0.00 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can… | |||
| CVE-2024-32480 | 0.00 | — | 0.20 | Apr 22, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and… | |||
| CVE-2024-32479 | 0.00 | — | 0.34 | Apr 22, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability. | |||
| CVE-2024-32461 | 0.00 | — | 0.19 | Apr 22, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this… | |||
| CVE-2023-46745 | 0.00 | — | 0.01 | Nov 17, 2023 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain… | |||
| CVE-2023-48294 | 0.00 | — | 0.01 | Nov 17, 2023 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access… | |||
| CVE-2023-48295 | 0.00 | — | 0.01 | Nov 17, 2023 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been… | |||
| CVE-2023-5591 | 0.00 | — | 0.22 | Oct 16, 2023 | SQL Injection in GitHub repository librenms/librenms prior to 23.10.0. | |||
| CVE-2023-5060 | 0.00 | — | 0.01 | Sep 19, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. |
- CVE-2024-50351Nov 15, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution…
- CVE-2024-50350Nov 15, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This…
- CVE-2024-49764Nov 15, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new…
- CVE-2024-49759Nov 15, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the "bill_name" parameter when creating a new bill.…
- CVE-2024-49758Nov 15, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be…
- CVE-2024-49754Nov 15, 2024risk 0.00cvss —epss 0.70
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This…
- CVE-2024-47523Oct 1, 2024risk 0.00cvss —epss 0.01
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields…
- CVE-2024-47524Oct 1, 2024risk 0.00cvss —epss 0.01
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is…
- CVE-2024-47525Oct 1, 2024risk 0.00cvss —epss 0.26
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the…
- CVE-2024-47526Oct 1, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon…
- CVE-2024-47527Oct 1, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This…
- CVE-2024-47528Oct 1, 2024risk 0.00cvss —epss 0.00
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can…
- CVE-2024-32480Apr 22, 2024risk 0.00cvss —epss 0.20
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and…
- CVE-2024-32479Apr 22, 2024risk 0.00cvss —epss 0.34
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.
- CVE-2024-32461Apr 22, 2024risk 0.00cvss —epss 0.19
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this…
- CVE-2023-46745Nov 17, 2023risk 0.00cvss —epss 0.01
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain…
- CVE-2023-48294Nov 17, 2023risk 0.00cvss —epss 0.01
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access…
- CVE-2023-48295Nov 17, 2023risk 0.00cvss —epss 0.01
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been…
- CVE-2023-5591Oct 16, 2023risk 0.00cvss —epss 0.22
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
- CVE-2023-5060Sep 19, 2023risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
Page 3 of 5