VYPR

Librenms

by Librenms

Source repositories

CVEs (90)

  • CVE-2022-0589Feb 15, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.

  • CVE-2022-0588Feb 15, 2022
    risk 0.00cvss epss 0.01

    Missing Authorization in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0587Feb 15, 2022
    risk 0.00cvss epss 0.01

    Improper Authorization in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0580Feb 14, 2022
    risk 0.00cvss epss 0.01

    Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0575Feb 13, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0576Feb 13, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.

  • CVE-2019-10670Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data…

  • CVE-2019-10666Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP…

  • CVE-2019-15230Aug 28, 2019
    risk 0.00cvss epss 0.01

    LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an…

  • CVE-2018-20678Mar 28, 2019
    risk 0.00cvss epss 0.01

    LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.

Page 5 of 5