Lucene search
K

LibreNMS: Cross-Site Scripting in ShowConfigController

🗓️ 18 May 2026 17:00:49Reported by GitHub Advisory DatabaseType 
github
 github
🔗 github.com👁 20 Views

Stored XSS on device showconfig from unsanitised rancid_repo_url in external Rancid settings.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-2728
13 Apr 202610:39
attackerkb
Circl
CVE-2026-2728
13 Apr 202615:10
circl
CNNVD
LibreNMS 安全漏洞
13 Apr 202600:00
cnnvd
CVE
CVE-2026-2728
13 Apr 202610:39
cve
Cvelist
CVE-2026-2728
13 Apr 202610:39
cvelist
EUVD
EUVD-2026-21907
18 May 202617:00
euvd
Github Security Blog
Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page
13 Apr 202612:31
github
NVD
CVE-2026-2728
13 Apr 202611:16
nvd
OSV
CVE-2026-2728
13 Apr 202610:39
osv
OSV
GHSA-5GM9-622F-QCG5 LibreNMS: Cross-Site Scripting in ShowConfigController
18 May 202617:00
osv
Rows per page
Vulners
Node
librenmslibrenmsRange25.12.026.3.0composer

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 May 2026 17:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.14.8
CVSS 44.6
EPSS0.00225
SSVC
20