Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates. librenms suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in the Create/Modify Transfer Group, Add/Edit Service and Edit Service templates. An attacker could exploit this vulnerability to cause malicious javascript code to be run on a web page.