Librenms
by Librenms
CVEs (90)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-0589 | 0.00 | — | 0.01 | Feb 15, 2022 | Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. |
| CVE-2022-0588 | 0.00 | — | 0.01 | Feb 15, 2022 | Missing Authorization in Packagist librenms/librenms prior to 22.2.0. |
| CVE-2022-0587 | 0.00 | — | 0.01 | Feb 15, 2022 | Improper Authorization in Packagist librenms/librenms prior to 22.2.0. |
| CVE-2022-0580 | 0.00 | — | 0.01 | Feb 14, 2022 | Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. |
| CVE-2022-0575 | 0.00 | — | 0.01 | Feb 13, 2022 | Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. |
| CVE-2022-0576 | 0.00 | — | 0.01 | Feb 13, 2022 | Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. |
| CVE-2019-10670 | 0.00 | — | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data… |
| CVE-2019-10666 | 0.00 | — | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP… |
| CVE-2019-15230 | 0.00 | — | 0.01 | Aug 28, 2019 | LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an… |
| CVE-2018-20678 | 0.00 | — | 0.01 | Mar 28, 2019 | LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. |