Librenms

Librenms

104 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-47931

Exploit
  • EPSS 0.01%
  • Veröffentlicht 17.05.2025 15:51:17
  • Zuletzt bearbeitet 28.05.2025 13:19:14

LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability all...

5.4

CVE-2025-23198

Exploit
  • EPSS 0.15%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 28.04.2025 16:44:31

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versi...

5.4

CVE-2025-23199

Exploit
  • EPSS 0.16%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 25.03.2025 15:13:40

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts....

5.4

CVE-2025-23200

Exploit
  • EPSS 4.29%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 25.03.2025 15:12:30

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts....

6.1

CVE-2025-23201

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.01.2025 23:15:08
  • Zuletzt bearbeitet 25.03.2025 14:57:12

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malic...

5.4

CVE-2024-56144

Exploit
  • EPSS 0.08%
  • Veröffentlicht 16.01.2025 23:15:07
  • Zuletzt bearbeitet 28.04.2025 16:44:52

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versi...

5.4

CVE-2024-53457

Exploit
  • EPSS 35.63%
  • Veröffentlicht 05.12.2024 22:15:20
  • Zuletzt bearbeitet 07.04.2025 14:55:43

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

5.4

CVE-2024-52526

Exploit
  • EPSS 1.19%
  • Veröffentlicht 15.11.2024 16:15:38
  • Zuletzt bearbeitet 20.11.2024 14:39:19

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" param...

5.4

CVE-2024-51494

Exploit
  • EPSS 0.86%
  • Veröffentlicht 15.11.2024 16:15:37
  • Zuletzt bearbeitet 20.11.2024 14:40:56

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when edi...

5.4

CVE-2024-51495

Exploit
  • EPSS 0.9%
  • Veröffentlicht 15.11.2024 16:15:37
  • Zuletzt bearbeitet 20.11.2024 14:41:07

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter w...