VYPR

Vendor CVEs

Librenms

All CVEs

90 total · sorted by risk
  • CVE-2024-47527Oct 1, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This…

  • CVE-2024-47528Oct 1, 2024
    risk 0.00cvss epss 0.00

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can…

  • CVE-2024-32480Apr 22, 2024
    risk 0.00cvss epss 0.20

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and…

  • CVE-2024-32479Apr 22, 2024
    risk 0.00cvss epss 0.34

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.

  • CVE-2024-32461Apr 22, 2024
    risk 0.00cvss epss 0.19

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this…

  • CVE-2023-46745Nov 17, 2023
    risk 0.00cvss epss 0.01

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain…

  • CVE-2023-48294Nov 17, 2023
    risk 0.00cvss epss 0.01

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access…

  • CVE-2023-48295Nov 17, 2023
    risk 0.00cvss epss 0.01

    LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been…

  • CVE-2023-5591Oct 16, 2023
    risk 0.00cvss epss 0.22

    SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.

  • CVE-2023-5060Sep 19, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.

  • CVE-2023-4982Sep 15, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.

  • CVE-2023-4981Sep 15, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.

  • CVE-2023-4980Sep 15, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.

  • CVE-2023-4978Sep 15, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.

  • CVE-2023-4979Sep 15, 2023
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.

  • CVE-2023-4977Sep 15, 2023
    risk 0.00cvss epss 0.00

    Code Injection in GitHub repository librenms/librenms prior to 23.9.0.

  • CVE-2023-4347Aug 15, 2023
    risk 0.00cvss epss 0.67

    Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.

  • CVE-2022-4069Nov 20, 2022
    risk 0.00cvss epss 0.93

    Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

  • CVE-2022-4067Nov 20, 2022
    risk 0.00cvss epss 0.94

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

  • CVE-2022-3516Nov 20, 2022
    risk 0.00cvss epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

  • CVE-2022-4070Nov 20, 2022
    risk 0.00cvss epss 0.01

    Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.

  • CVE-2022-4068Nov 20, 2022
    risk 0.00cvss epss 0.34

    A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to…

  • CVE-2022-3561Nov 20, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

  • CVE-2022-3525Nov 20, 2022
    risk 0.00cvss epss 0.01

    Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.

  • CVE-2022-3231Sep 17, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.

  • CVE-2022-36746Aug 30, 2022
    risk 0.00cvss epss 0.00

    LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.

  • CVE-2022-36745Aug 30, 2022
    risk 0.00cvss epss 0.00

    LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.

  • CVE-2022-29712May 31, 2022
    risk 0.00cvss epss 0.02

    LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.

  • CVE-2022-29711May 31, 2022
    risk 0.00cvss epss 0.01

    LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

  • CVE-2022-0772Feb 27, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.

  • CVE-2022-0589Feb 15, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.

  • CVE-2022-0588Feb 15, 2022
    risk 0.00cvss epss 0.01

    Missing Authorization in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0587Feb 15, 2022
    risk 0.00cvss epss 0.01

    Improper Authorization in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0580Feb 14, 2022
    risk 0.00cvss epss 0.01

    Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0575Feb 13, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.

  • CVE-2022-0576Feb 13, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.

  • CVE-2019-10670Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data…

  • CVE-2019-10666Sep 9, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP…

  • CVE-2019-15230Aug 28, 2019
    risk 0.00cvss epss 0.01

    LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an…

  • CVE-2018-20678Mar 28, 2019
    risk 0.00cvss epss 0.01

    LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.

Page 2 of 2