Vendor CVEs
Librenms
All CVEs
90 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47527 | 0.00 | — | 0.00 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This… | |||
| CVE-2024-47528 | 0.00 | — | 0.00 | Oct 1, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the "admin" role can set a background for a custom map; this allows the upload of an SVG file that can… | |||
| CVE-2024-32480 | 0.00 | — | 0.20 | Apr 22, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and… | |||
| CVE-2024-32479 | 0.00 | — | 0.34 | Apr 22, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability. | |||
| CVE-2024-32461 | 0.00 | — | 0.19 | Apr 22, 2024 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this… | |||
| CVE-2023-46745 | 0.00 | — | 0.01 | Nov 17, 2023 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain… | |||
| CVE-2023-48294 | 0.00 | — | 0.01 | Nov 17, 2023 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access… | |||
| CVE-2023-48295 | 0.00 | — | 0.01 | Nov 17, 2023 | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been… | |||
| CVE-2023-5591 | 0.00 | — | 0.22 | Oct 16, 2023 | SQL Injection in GitHub repository librenms/librenms prior to 23.10.0. | |||
| CVE-2023-5060 | 0.00 | — | 0.01 | Sep 19, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. | |||
| CVE-2023-4982 | 0.00 | — | 0.01 | Sep 15, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. | |||
| CVE-2023-4981 | 0.00 | — | 0.01 | Sep 15, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. | |||
| CVE-2023-4980 | 0.00 | — | 0.01 | Sep 15, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. | |||
| CVE-2023-4978 | 0.00 | — | 0.01 | Sep 15, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. | |||
| CVE-2023-4979 | 0.00 | — | 0.01 | Sep 15, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. | |||
| CVE-2023-4977 | 0.00 | — | 0.00 | Sep 15, 2023 | Code Injection in GitHub repository librenms/librenms prior to 23.9.0. | |||
| CVE-2023-4347 | 0.00 | — | 0.67 | Aug 15, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. | |||
| CVE-2022-4069 | 0.00 | — | 0.93 | Nov 20, 2022 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-4067 | 0.00 | — | 0.94 | Nov 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-3516 | 0.00 | — | 0.00 | Nov 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-4070 | 0.00 | — | 0.01 | Nov 20, 2022 | Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-4068 | 0.00 | — | 0.34 | Nov 20, 2022 | A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to… | |||
| CVE-2022-3561 | 0.00 | — | 0.01 | Nov 20, 2022 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-3525 | 0.00 | — | 0.01 | Nov 20, 2022 | Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. | |||
| CVE-2022-3231 | 0.00 | — | 0.01 | Sep 17, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. | |||
| CVE-2022-36746 | 0.00 | — | 0.00 | Aug 30, 2022 | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. | |||
| CVE-2022-36745 | 0.00 | — | 0.00 | Aug 30, 2022 | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. | |||
| CVE-2022-29712 | 0.00 | — | 0.02 | May 31, 2022 | LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | |||
| CVE-2022-29711 | 0.00 | — | 0.01 | May 31, 2022 | LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | |||
| CVE-2022-0772 | 0.00 | — | 0.01 | Feb 27, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. | |||
| CVE-2022-0589 | 0.00 | — | 0.01 | Feb 15, 2022 | Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. | |||
| CVE-2022-0588 | 0.00 | — | 0.01 | Feb 15, 2022 | Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | |||
| CVE-2022-0587 | 0.00 | — | 0.01 | Feb 15, 2022 | Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | |||
| CVE-2022-0580 | 0.00 | — | 0.01 | Feb 14, 2022 | Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | |||
| CVE-2022-0575 | 0.00 | — | 0.01 | Feb 13, 2022 | Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. | |||
| CVE-2022-0576 | 0.00 | — | 0.01 | Feb 13, 2022 | Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. | |||
| CVE-2019-10670 | 0.00 | — | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data… | |||
| CVE-2019-10666 | 0.00 | — | 0.01 | Sep 9, 2019 | An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP… | |||
| CVE-2019-15230 | 0.00 | — | 0.01 | Aug 28, 2019 | LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an… | |||
| CVE-2018-20678 | 0.00 | — | 0.01 | Mar 28, 2019 | LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. |