Librenms

Librenms

105 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-54138

Exploit
  • EPSS 0.8%
  • Veröffentlicht 22.07.2025 21:33:59
  • Zuletzt bearbeitet 05.08.2025 17:52:39

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php ...

6.1

CVE-2025-47931

Exploit
  • EPSS 0.27%
  • Veröffentlicht 17.05.2025 15:51:17
  • Zuletzt bearbeitet 28.05.2025 13:19:14

LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability all...

5.4

CVE-2025-23198

Exploit
  • EPSS 0.35%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 28.04.2025 16:44:31

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versi...

5.4

CVE-2025-23199

Exploit
  • EPSS 1.22%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 25.03.2025 15:13:40

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts....

5.4

CVE-2025-23200

Exploit
  • EPSS 30.85%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 25.03.2025 15:12:30

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts....

6.1

CVE-2025-23201

Exploit
  • EPSS 0.4%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 25.03.2025 14:57:12

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malic...

5.4

CVE-2024-56144

Exploit
  • EPSS 0.37%
  • Veröffentlicht 16.01.2025 23:15:07
  • Zuletzt bearbeitet 28.04.2025 16:44:52

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versi...

5.4

CVE-2024-53457

Exploit
  • EPSS 42.46%
  • Veröffentlicht 05.12.2024 22:15:20
  • Zuletzt bearbeitet 07.04.2025 14:55:43

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

5.4

CVE-2024-52526

Exploit
  • EPSS 0.45%
  • Veröffentlicht 15.11.2024 16:15:38
  • Zuletzt bearbeitet 20.11.2024 14:39:19

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" param...

5.4

CVE-2024-51494

Exploit
  • EPSS 0.4%
  • Veröffentlicht 15.11.2024 16:15:37
  • Zuletzt bearbeitet 20.11.2024 14:40:56

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when edi...